[Snort-users] lots of ttl evasion attempt alerts snort 1.8.7
cmg at ...1935...
Fri Jul 12 06:46:14 EDT 2002
Michael Scheidell <scheidell at ...5171...> writes:
> I won't say BILLIONS, but 200 more of these in 21 hours of running snort
> 1.8.7 vs 1.8.6beta6.
> starting snort thus:
> /usr/local/bin/snort -doDI -m 022 -z \
> -c /usr/local/etc/snort.conf -i rl0 -l /var/log/snort
> system is FBSD 4.5.
> I did not change my snort.conf:
> preprocessor frag2
> preprocessor stream4: noinspect, disable_evasion_alerts
Add ttl_limit 0
Chris Green <cmg at ...1935...>
"Not everyone holds these truths to be self-evident, so we've worked
up a proof of them as Appendix A." -- Paul Prescod
More information about the Snort-users