[Snort-users] riddle me this....

larosa, vjay larosa_vjay at ...3331...
Thu May 9 13:39:04 EDT 2002


What kind of packet gets sent across the network with both the DF and MF
bits set? My BAD TAFFIC bad frag bits rule keeps getting set off by hosts on
my network. Shouldn't a switch/router drop packets like this and respond
with an ICMP error message to the originator? The UDP  packet size is 1520
(20 byte IP header, 1500 byte payload)
Could this be fragroute(r)?

Thanks!

vjl




More information about the Snort-users mailing list