[Snort-users] Snort, Queso and iptables

Graeme Fowler graeme.fowler at ...2189...
Wed Oct 10 05:02:06 EDT 2001


Olaf wrote:
> As the original poster was connecting to a Linux site, I'd 
> assume it's 2.4 ECN rather than a Queso probe.

...after Juergen wrote:
> Just about every other day, snort reports a 'Possible Queso
> Fingerprint attempt' from a machine at kernel.org (most
> frequently mirrors.kernel.org). 

Could I interest the honourable gentlemen in the following pages?

http://www.tux.org/lkml/
http://www.tux.org/lkml/#s14-2

For those who can't be bothered to look there:

"vger.kernel.org has enabled ECN. You may need to switch ISP
in order to receive linux-kernel email"

So, spot on Olaf. Well deduced.

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC




More information about the Snort-users mailing list