[Snort-devel] RE: [Snort-users] Possible Queso Fingerprint attempt?
ookhoi at ...1580...
Thu Mar 15 06:55:22 EST 2001
> > We have noticed something very much the same. The offending Possible Queso
> > Fingerprint was coming from a linux org in Virginia. Now we know this
> > particular system has not been compromised but every time one of our users
> > get mail from their list snort sees it at a Possible Queso Fingerprint.
> Possible Queso Fingerprint means "12S" packets. This is a result of
> Explicit Congestion Notification, an experimental RFC that has been enabled
> by default in Linux 2.4.x. 
> If linux boxes talk to you, you'll see this. A lot.
>  If anyone involved in that asinine decision is reading this, I'd
> certainly like to thank you for really buggering up a lot of firewalls and
> IDS's around the world. That was a great plan, guys. Top notch execution,
Ecn is a good thing. The firewalls should be fixed.
More information about the Snort-users