[Snort-users] Tagged packets in logs
EGrejda at ...10102...
Tue Dec 23 05:46:03 EST 2003
I've been seeing those on our networks as well, only there hasn't been any
payload in those packets. They were appearing on a Snort v2.0.5 setup using
the latest STABLE rule set which was logging to a MySQL database. We
haven't been able to pin down what's causing them, either, and would love to
know what's going on. My working theory has been that it's been a system
duplication application of some sort (we use a few of them around here)
pinging the server that stores its disk images but there's no hard data
backing that theory up.
> -----Original Message-----
> From: Russell Fulton [mailto:r.fulton at ...3809...]
> Sent: Tuesday, December 23, 2003 5:22 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Tagged packets in logs
> I am getting a trickle of "tagged" packets turning up
> in ACID. All these packets have 80 as source port and most
> have no data, just push+ack set. A few have data and these
> always start with a USER <username><CRLF>PASS <password>.