[Snort-sigs] Voip attack

Chong Lee Poh Chong.LeePoh at ...3489...
Mon Apr 4 20:48:31 EDT 2011


Anyone can help? 
I am using Snort 2.9.0.3, and getting a lot of these events, but unable
to find the meaning. There is no documentation available to download
too. Please assist. 

-FIN number is greater than prior FIN [Priority: 3] {TCP} 
-Consecutive TCP small segments exceeding threshold [Priority: 3] {TCP} 
-Reset outs ide window [Priority: 3] {TCP} 
-TCP Timestamp is missing [Priority: 3] {TCP} 
-Bad segment 
 


 > -----Original Message-----
> From: evilghost at ...3397... [mailto:evilghost at ...3397...]
> Sent: Thursday, March 10, 2011 9:33 AM
> To: snort-sigs at lists.sourceforge.net
> Subject: Re: [Snort-sigs] Voip attack
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 03/09/11 18:13, PAURON, GUILLAUME (GUILLAUME) wrote:
> > Thank you for your response :)
> 
> Mr Pauron,
> 
> I am curious if this question about VoIP is in regard to:
> 
>
http://www.csoonline.com/article/675126/3-simple-reasons-voip-abuse-will
-
> grow?source=rss_cso_exclude_net_net
> [1]
> 
> I thank you for any response even if off list.  It's not often VoIP
issues come
> up on-list and I'm curious to see if this inquiry is a reaction to
this article.
> 
> [1] I have no affiliation with this URL, nor am I astroturfing.
> 
> - --
> Kind Regards,
> - -evilghost
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> 
> iQIcBAEBAgAGBQJNeCpGAAoJENgimYXu6xOHgg0P/1MP6UTsXmRUL6RQv3+sUF
> Ht
> w5ogLAafHSjjiD1va9/fBqkzIPO8TQu3GLoZMbeLHRVn568GZRrPjNNpUkV5DL22
> OrYyFiex2A67VANqGo/7d7P5g1p0N2OBK+NljyClVxl8mf26jVH7jlibF1VOAcXv
> JPgDt8TUuKsbepbTd8VJ9YRL7WR4dl3WUrRFEIuNz93r1JJ7zXXNqKuGvnM3qYcB
> vx9aSX2Ml+g/zxlb4v0ekkh8nM5RUUV6sXmYEz8qlrmitGCQk7435zB9Bnd5kU9J
> yc4GOtCa3SEtnap9s5fhUExaG5InBR+04pkKNZVREA1nThinohuQQHsIRsuxKtiM
> zhfe3wNgJFJPh/I5gZnBOAcYTJvbwlm++prClbBlUMEIg19IVSy0Bl3qUJsN3lZI
> Xl67IPSJPTr2QKEayMmG1hbeeNhKkcim4Dv6N9KrpWcxrGBEPAUpSlzEmteYSo+K
> HNGMmtaOWCk3NSTIpWOivpi55n5NR+gyxtkbmzj0ZcXfLdTuoPCk9tvgwkx1BNp
> u
> eVe2eNc8weB7fYNf+1erzrN6zswZdvyCpk6Dk+76B5Su3pFiIzs4OAFShqSZHcBY
> XKYJ/TGkMQ+DNNbDagutlL0w7l4TD5gNTxlp40Qm3Ue0vAUu24dIIE6Ir5zh+WnJ
> a8Z+o3yxTIRKFJ6Kn9lg
> =SHPC
> -----END PGP SIGNATURE-----
> 
> 
>
------------------------------------------------------------------------
------
> Colocation vs. Managed Hosting
> A question and answer guide to determining the best fit
> for your organization - today and in the future.
> http://p.sf.net/sfu/internap-sfd2d
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org

This e-mail and any attachments therewith are intended only for the use of the address. This e-mail may contain confidential and privileged information. Any unauthorized use, copying or  disclosure of information contained in this e-mail or its attachments is strictly prohibited and may be unlawful. If you have received this e-mail in error, please contact the sender via return e-mail and delete this e-mail and attachments thereafter. Any confidentiality or privilege is not waived or lost because this e-mail has been sent to you by mistake. Any liability for viruses is excluded to the fullest extent permitted by law.





More information about the Snort-sigs mailing list