[Snort-users] Is there a problem with Linux 2.4.0?

Jason Haar Jason.Haar at ...294...
Thu Jan 11 15:16:28 EST 2001


I just upgraded my snort box to 2.4.0 yesterday, and I've come in this
morning to find a whole bunch of alerts about my snort box generating
"probe-Queso Fingerprint attempt" and that it's portscanning other hosts
every few minutes.

I'm wondering if the IP Stack has changed in some way that is causing these? I
have figured out that applications I was using fine before the upgrade are
responsible for these new alerts (e.g. fetchmail now causes snort to report
a portscan of "SYN 12****S* RESERVEDBITS"). 

I have captured an IMAP session that triggers this event, can someone tell
me what I should be looking for?

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
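
An added example, not part of the original post: Python code that decodes the TCP flags byte of raw IPv4 packets into the eight-character notation quoted in the alert ("12****S*"), so packets from a capture such as the IMAP session mentioned above can be checked for a SYN that carries either of the two high flag bits. The "12UAPRSF" print order is inferred from the alert text; the addresses, ports and sample packets are constructed for illustration.

```python
import socket
import struct

FLAG_CHARS = "12UAPRSF"   # assumed print order, bit 0x80 first
RESERVED_MASK = 0xC0      # "1" = 0x80, "2" = 0x40 (RFC 3168 names them CWR and ECE)
SYN = 0x02

def flag_string(flags):
    """Render the TCP flags byte in the notation shown in the alert."""
    return "".join(ch if flags & (0x80 >> i) else "*"
                   for i, ch in enumerate(FLAG_CHARS))

def inspect_ipv4_tcp(packet):
    """Decode one raw IPv4 packet; return None unless it carries a TCP header."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(packet) < ihl + 20:
        return None  # bad header, later fragment, or truncated TCP header
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]  # flags byte sits at offset 13 of the TCP header
    return {
        "src": socket.inet_ntoa(packet[12:16]), "sport": sport,
        "dst": socket.inet_ntoa(packet[16:20]), "dport": dport,
        "flags": flag_string(flags),
        # SYN carrying either high bit: the pattern the alert reports
        "syn_reserved": bool(flags & SYN) and bool(flags & RESERVED_MASK),
    }

def sample_packet(flags, dport=143):
    """Constructed IPv4+TCP headers (checksums left at zero, not validated)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("192.0.2.20"))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 0x50, flags, 5840, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    # Constructed flag bytes: SYN with both high bits, plain SYN, SYN+ACK
    for f in (0xC2, 0x02, 0x12):
        print(inspect_ipv4_tcp(sample_packet(f)))
```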



