[Snort-users] Is there a problem with Linux 2.4.0?

Ryan Russell ryan at ...35...
Thu Jan 11 15:34:00 EST 2001


On Fri, 12 Jan 2001, Jason Haar wrote:

> I just upgraded my snort box to 2.4.0 yesterday, and I've come in this
> morning to find a whole bunch of alerts about my snort box generating
> "probe-Queso Fingerprint attempt" and that it's portscanning other hosts
> every few minutes.
>
> I'm wondering if the IP Stack has changed in some way that causing these?

Yup.  2.3,2.4 kernels have adopted some of the undefined TCP header bits
for some sort of QoS function.  I believe newer versions of Snort stopped
flagging that?

					Ryan





More information about the Snort-users mailing list