[Snort-users] Where can I find alert info?

Petriz, Pablo ppetriz at ...3815...
Mon Feb 11 12:35:43 EST 2002


Hello list

I am using Snort (many thanks to this list!) but I am not a
"TCP/IP Illustrated" man. Yes, I know, I have to read it.

In the meantime, I want to resolve my doubts about the meaning of
some Snort alerts. I have read about the great help of the whitehats
site for this, but that's not working now. So where can I go for
this kind of question?

I don't want to overload the list with "What does xxxxxxx alert
mean?" questions... I am afraid of being included in some
drinking_game update.

Thanks in advance!

PABLO

PS: Ah! This is the alert that I don't understand. It's from
my internal net (lots of Windows machines) but I don't know
which PC is generating this or why. So "What does the BAD TRAFFIC
0 ttl alert mean????"

[**] BAD TRAFFIC 0 ttl [**]
02/11-09:08:00.695575 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:0 TOS:0x0 ID:1 IpLen:20 DgmLen:328
Len: 308
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] BAD TRAFFIC 0 ttl [**]
02/11-16:04:55.535575 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:0 TOS:0x0 ID:1 IpLen:20 DgmLen:328
Len: 308
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] BAD TRAFFIC 0 ttl [**]
02/11-16:11:53.135575 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:0 TOS:0x0 ID:1 IpLen:20 DgmLen:328
Len: 308
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+




