[Snort-users] BAD TRAFFIC data in TCP SYN packet

Lars Jørgensen IT Lars.Jorgensen at ...4490...
Sun Jan 13 22:40:02 EST 2002


Hi!

I get a lot of 

01/14-02:24:17.089098  [**] [1:526:3] BAD TRAFFIC data in TCP SYN packet
[**] [Classification: Misc activity] [Priority: 3] {TCP} 207.46.106.84:29291
-> 172.40.20.235:53

172.40.20.235 is my DNS server, but why would clients put data in the SYN
packets? According to RIPE, the source address is "ALLOCATED UNSPECIFIED",
so I can't find out who's doing this. It comes from a limited number of
addresses; they all seem to be 207.xx.xxx.xxx.

I tried Google, but to no avail. Can anybody shed some light on this?


Lars
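
Added example, not part of the original post: a small triage script that re-joins Snort fast-format alerts wrapped by a mail client, as in the alert quoted above, and counts alerts per source address for one rule ID and destination. The function names are hypothetical, and every sample alert after the first is constructed for illustration.

```python
import re
from collections import Counter

# Fast-alert record: timestamp, [gid:sid:rev], message, protocol, src -> dst (IPv4 only).
ALERT_RE = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)
TS_RE = re.compile(r"^\d\d/\d\d-\d\d:\d\d:\d\d\.\d+")  # marks the start of a record

def parse_alerts(text):
    """Re-join records split across lines, then parse each one into a dict."""
    records, buf = [], []
    for line in text.splitlines():
        if TS_RE.match(line) and buf:   # a new timestamp closes the previous record
            records.append(" ".join(buf))
            buf = []
        if line.strip():
            buf.append(line.strip())
    if buf:
        records.append(" ".join(buf))
    return [m.groupdict() for m in map(ALERT_RE.search, records) if m]

def sources_for_sid(alerts, sid, dst=None):
    """Count alerts per source address for one rule, optionally for one target."""
    return Counter(a["src"] for a in alerts
                   if a["sid"] == str(sid) and (dst is None or a["dst"] == dst))

# First record is the alert from the post (wrapped as mailed); the rest are constructed.
SAMPLE = """
01/14-02:24:17.089098  [**] [1:526:3] BAD TRAFFIC data in TCP SYN packet
[**] [Classification: Misc activity] [Priority: 3] {TCP} 207.46.106.84:29291
-> 172.40.20.235:53
01/14-02:24:19.000000  [**] [1:526:3] BAD TRAFFIC data in TCP SYN packet [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40000 -> 172.40.20.235:53
01/14-02:24:21.000000  [**] [1:526:3] BAD TRAFFIC data in TCP SYN packet [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40001 -> 172.40.20.235:53
01/14-02:25:00.000000  [**] [1:9999:1] CONSTRUCTED other rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:1234 -> 172.40.20.235:80
"""

if __name__ == "__main__":
    hits = sources_for_sid(parse_alerts(SAMPLE), 526, dst="172.40.20.235")
    for src, count in hits.most_common():
        print(f"{src:15} {count}")
```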



