[Snort-users] stream4 issues: possible EVASIVE RST detection
danielrm26 at ...125...
Tue Oct 15 10:17:04 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
> We are getting inundated by "spp:possible EVASIVE RST detection" alerts.
> I have tracked these down to about 20 NT 4 servers where apparently the
> TCP/IP stacks are jacked.
I had the same problem and am using Demarc as well. I haven't tried upgrading to 1.9 yet to see if that was the problem, but you can make that specific preprocessor be quiet while you look into the issue. Use the no_alerts option, or whatever it is, and that will quiet it down.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 294) Beta
-----END PGP SIGNATURE-----
More information about the Snort-users