[Snort-users] Incomplete Packet Fragments Discarded
roesch at ...1935...
Mon Nov 26 14:41:05 EST 2001
That means that you're using the defrag preprocessor instead of the
newer frag2 preprocessor and that you should switch to frag2. :) The
defrag preprocessor had some fairly nasty failure modes and has since
been superceded by frag2, so I'd recommend using that for now.
> Just upgraded to 1-8-2 and new ruleset, getting alot of these. Is this
> normal for UDP and how would I go about stopping this alert (as in
> commenting it out) ? Do I want to do this ?
> [**] [103:2:1] Incomplete Packet Fragments Discarded [**]
> 11/26-14:15:09.372859 220.127.116.11:0 -> 18.104.22.168:0
> UDP TTL:64 TOS:0x0 ID:13359 IpLen:20 DgmLen:8348
> UDP header truncated
> James Edwards
> jamesh at ...3784...
> At the Santa Fe Office: Internet at Cyber Mesa
> Store hours: 9-6 Monday through Friday
> Phone support 365 days till 10 pm via the Santa Fe office:
> 505-988-9200 or Toll Free: 888-988-2700
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
More information about the Snort-users