[Snort-users] New stream 4 messages in 2.0 (Absent jusqu'au 29/07/2002)

Pascal Painparay pascal.painparay at ...8874...
Mon Apr 21 06:29:33 EDT 2003


Je suis absent jusqu'au 21/04/03 inclus. 
En cas d'urgence, Vous pouvez contacter :
  Christophe Savin au 01 49 15 32 75.

Cdt
Pascal Painparay

>>> snort-users 04/21/03 15:03 >>>

Russell Fulton <r.fulton at ...3809...> writes:

> Hi All,
> 	We have just upgraded to 2.0 and are seeing lots of alerts for these:
>
> (snort_decoder) WARNING: TCP Data Offset is less than 5!
> (snort_decoder): T/TCP Detected
>
> Just what triggers these alerts and is there any way to turn them off?
>
> BTW all the "TCP Data Offset is less than 5!" come from three Akamai
> boxes housed on our DMZ :(  Those things seem to bend all the rules to
> breaking point, sigh...

Mind sending me a packet dump to see what these things are doing? :)

>
>
> The "T/TCP Detected" all seem to be from incoming connections.

2.0.0:
config disable_ttcp_alerts

2.0.x also accepts

config disable_tcpopt_ttcp_alerts

-- 
Chris Green <cmg at ...1935...>
Laugh and the world laughs with you, snore and you sleep alone.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list