[Snort-devel] RE: [Snort-users] Possible Queso Fingerprint attempt?
emf at ...367...
Thu Mar 15 06:26:27 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, Mar 15, 2001 at 05:03:18AM -0500, Aaron S. Carmichael wrote:
> We have noticed something very much the same. The offending Possible Queso
> Fingerprint was coming from a linux org in Virginia. Now we know this
> particular system has not been compromised but every time one of our users
> get mail from their list snort sees it at a Possible Queso Fingerprint.
Possible Queso Fingerprint means "12S" packets. This is a result of
Explicit Congestion Notification, an experimental RFC that has been enabled
by default in Linux 2.4.x. 
If linux boxes talk to you, you'll see this. A lot.
 If anyone involved in that asinine decision is reading this, I'd
certainly like to thank you for really buggering up a lot of firewalls and
IDS's around the world. That was a great plan, guys. Top notch execution,
Security Administrator, ServerVault, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the Snort-users