[Snort-users] lots of ttl evasion attempt alerts snort 1.8.7
David E. Gianndrea
daveg at ...4357...
Fri Jul 12 12:02:11 EDT 2002
Chris Green wrote:
> Michael Scheidell <scheidell at ...5171...> writes:
> > I won't say BILLIONS, but 200 more of these in 21 hours of running snort
> > 1.8.7 vs 1.8.6beta6.
> > starting snort thus:
> > /usr/local/bin/snort -doDI -m 022 -z \
> > -c /usr/local/etc/snort.conf -i rl0 -l /var/log/snort
> > system is FBSD 4.5.
> > I did not change my snort.conf:
> > preprocessor frag2
> > preprocessor stream4: noinspect, disable_evasion_alerts
> Add ttl_limit 0
Would somebody please explain this change. I too have been seeing
these alerts, but im not quite sure I understand what they are, and
what the effect of this change are.
Senior Network Engineer
Comsquared Systems, Inc.
More information about the Snort-users