[Snort-users] Strange Alerts

Brett.Gillett at ...8974... Brett.Gillett at ...8974...
Wed Apr 23 07:56:19 EDT 2003


Me again,

Found my answer on how to disable these, but what exactly is a T/TCP 
packet?

Brett




Brett.Gillett at ...8974...
Sent by: snort-users-admin at lists.sourceforge.net
22/04/2003 01:19 PM

 
        To:     snort-users at lists.sourceforge.net
        cc: 
        Subject:        [Snort-users] Strange Alerts



Hey everyone, 

I have a question regarding alerts that we started to receive once we 
upgraded to Snort 2.0, it seems that all of our sensors started generating 
T/TCP Detected alerts 

[**] [116:56:1] (snort_decoder): T/TCP Detected [**] 
04/22-13:16:28.246763 AAA.AAA.AAA.AAA:0 -> BBB.BBB.BBB.BBB:0 
TCP TTL:58 TOS:0x0 ID:24222 IpLen:20 DgmLen:68 DF 
******S* Seq: 0xDD50750C  Ack: 0x93F8748B  Win: 0x4000  TcpLen: 48 
TCP Options (9) => MSS: 1380 NOP WS: 0 NOP NOP TS: 191472669 0 
TCP Options => NOP NOP CCNEW: 47828988 

Anyone have any ideas on what this is? 

Thanks, 

Brett

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030423/21c87f95/attachment.html>


More information about the Snort-users mailing list