[Snort-users] stream4 issues: possible EVASIVE RST detection

Daniel Miessler danielrm26 at ...125...
Tue Oct 15 10:17:04 EDT 2002


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> We are getting inundated by "spp:possible EVASIVE RST detection" alerts.
> 
> I have tracked these down to about 20 NT 4 servers where apparently the
> TCP/IP stacks are jacked.

I had the same problem and am using Demarc as well.   I haven't tried upgrading to 1.9 yet to see if that was the problem, but you can make that specific preprocessor be quiet while you look into the issue.  Use the no_alerts option, or whatever it is, and that will quiet it down.

- --danielrm26

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 294) Beta

iQEVAwUBPaxNX/Lu0CaZEvl2AQKTJQf+O7NmDNmA1oQJbAJuN3QkT0x3kMmyJoMp
3Ag0nW/+Xf5uVOyEpO1yDAXv0esve717BeK26QHd8A/ZQNrO6/Nmma1C8H69YKYO
yf6w++Gbpfzsv+1Ro6+b9Pl4HMUFLTI9m52fwor5G945sypziBxrqcGtBiiNQOxM
1LoNDAJWWcpbGdvjmNFM8QsDKdEJCHDBlC1i6r3qgHiHqekjpNCa4ZZES/9BM4jn
sfUjPmMHsllEsxk82NBORZQn9SEabrw4j/na1lEVJFTVsBPzRD5DdBn0n+IYVLJo
sekGq26I10g2hEu0162AE5b2sOpcMTCuXN8EDaUldr4ZS3GPytYWNQ==
=5i7V
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list