[Snort-users] Snort Alert Help for Rule : SID=2

Jeff Dell jdell at ...1095...
Thu Dec 4 09:02:02 EST 2003


That would be the Stream 4 Preprocessor that is creating the alert.
Check out:

http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.4.5

The option "detect_state_problems" is what is triggering this event.

Jeff


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Naman
Latif
Sent: Thursday, December 04, 2003 11:39 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Alert Help for Rule : SID=2


Hi,
Can someone explain this alert?

++++++++
spp_stream4: Evasive Reset Packet
++++++++

The Snort SID for it, as stored in the database, is 2; however, I couldn't find any
documentation for this.
Does it mean a TCP packet with the RESET flag set?
How can I disable this alert?

Regards \\ Naman

