[Snort-users] New stream 4 messages in 2.0
r.fulton at ...3809...
Tue Apr 15 21:06:02 EDT 2003
We have just upgraded to 2.0 and are seeing lots of alerts for these:
(snort_decoder) WARNING: TCP Data Offset is less than 5!
(snort_decoder): T/TCP Detected
Just what triggers these alerts and is there any way to turn them off?
BTW all the "TCP Data Offset is less than 5!" come from three Akamai
boxes housed on our DMZ :( Those things seem to bend all the rules to
breaking point, sigh...
The "T/TCP Detected" all seem to be from incoming connections.
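
Added example, not part of the original post and not Snort's decoder code: a Python check for the two header conditions the alert names point at, a data offset below the 5-word minimum of RFC 793 and the CC, CC.NEW and CC.ECHO options of RFC 1644 (T/TCP). That "T/TCP Detected" corresponds to those option kinds is an assumption; `inspect_tcp_header`, `build_header` and the sample segments are constructed here.

```python
import struct

# TCP option kinds defined for T/TCP in RFC 1644 (each is 6 bytes long).
TTCP_KINDS = {11: "CC", 12: "CC.NEW", 13: "CC.ECHO"}

def inspect_tcp_header(segment):
    """Return a list of findings for one raw TCP segment (no IP header)."""
    if len(segment) < 20:
        return ["truncated: fewer than 20 bytes of TCP header"]
    # Bytes 12-13 hold data offset (top 4 bits), reserved bits and flags.
    data_offset = struct.unpack("!H", segment[12:14])[0] >> 12
    if data_offset < 5:
        # The fixed header alone is 5 words, so there is no option area to parse.
        return ["data offset %d is less than 5" % data_offset]
    hdr_len = data_offset * 4
    if hdr_len > len(segment):
        return ["data offset %d exceeds captured length" % data_offset]
    findings, opts, i = [], segment[20:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No-Operation is a single byte
            i += 1
            continue
        # Every other option carries a length byte covering kind + length + data.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            findings.append("malformed option kind %d" % kind)
            break
        if kind in TTCP_KINDS:
            findings.append("T/TCP option " + TTCP_KINDS[kind])
        i += opts[i + 1]
    return findings

def build_header(data_offset, options=b""):
    """Constructed sample: SYN from port 40000 to port 80, given data offset."""
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                       (data_offset << 12) | 0x002, 8192, 0, 0) + options

# Constructed test segments, not captured traffic.
SAMPLES = {
    "normal": build_header(5),
    "short offset": build_header(3),
    "ttcp": build_header(7, bytes([11, 6, 0, 0, 0, 1, 1, 1])),  # CC + 2 NOPs
}

if __name__ == "__main__":
    for name, seg in SAMPLES.items():
        print(name, inspect_tcp_header(seg))
```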