[Snort-users] New stream 4 messages in 2.0
cmg at ...1935...
Mon Apr 21 06:04:09 EDT 2003
Russell Fulton <r.fulton at ...3809...> writes:
> Hi All,
> We have just upgraded to 2.0 and are seeing lots of alerts for these:
> (snort_decoder) WARNING: TCP Data Offset is less than 5!
> (snort_decoder): T/TCP Detected
> Just what triggers these alerts and is there any way to turn them off?
> BTW all the "TCP Data Offset is less than 5!" come from three Akamai
> boxes housed on our DMZ :( Those things seem to bend all the rules to
> breaking point, sigh...
Mind sending me a packet dump to see what these things are doing? :)
> The "T/TCP Detected" all seem to be from incoming connections.
2.0.x also accepts
Chris Green <cmg at ...1935...>
Laugh and the world laughs with you, snore and you sleep alone.
More information about the Snort-users