[Snort-users] lots of ttl evasion attempt alerts snort 1.8.7

Chris Green cmg at ...1935...
Fri Jul 12 06:46:14 EDT 2002


Michael Scheidell <scheidell at ...5171...> writes:

> I won't say BILLIONS, but 200 more of these in 21 hours of running snort
> 1.8.7 vs 1.8.6beta6.
>
> starting snort thus:
> /usr/local/bin/snort -doDI -m 022 -z \
> -c /usr/local/etc/snort.conf -i rl0 -l /var/log/snort
>
> system is FBSD 4.5.
>
> I did not change my snort.conf:
> preprocessor frag2
> preprocessor stream4: noinspect, disable_evasion_alerts

Add ttl_limit 0

-- 
Chris Green <cmg at ...1935...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod




More information about the Snort-users mailing list