[Snort-users] Snort Alert Help for Rule : SID=2

Jeff Dell jdell at ...1095...
Thu Dec 4 09:02:02 EST 2003

That would be the Stream 4 Preprocessor that is creating the alert.


The option "detect_state_problems" is what is triggering this event.


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Naman
Sent: Thursday, December 04, 2003 11:39 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Alert Help for Rule : SID=2

Can someone explain this alert ?

spp_stream4: Evasive Reset Packet

Snort SID for as stored in database is 2, however I couldn't find any
documentation for this.
Does it mean a TCP packet with RESET Flag set ?
How can I disable this alert ?

Regards \\ Naman

This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for
Free Linux Tutorials.  Learn everything from the bash shell to sys
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=ick
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list