[Snort-users] Snort, Queso and iptables
graeme.fowler at ...2189...
Wed Oct 10 05:02:06 EDT 2001
> As the original poster was connecting to a Linux site, I'd
> assume it's 2.4 ECN rather than a Queso probe.
...after Juergen wrote:
> Just about every other day, snort reports a 'Possible Queso
> Fingerprint attempt' from a machine at kernel.org (most
> frequently mirrors.kernel.org).
Could I interest the honourable gentlemen in the following pages?
For those who can't be bothered to look there:
"vger.kernel.org has enabled ECN. You may need to switch ISP
in order to receive linux-kernel email"
So, spot on Olaf. Well deduced.
Host Europe Group PLC
More information about the Snort-users