[Snort-users] Alerts interpretation

henrique de lima arabe - PDBL/uoi hlima at ...9936...
Fri Sep 12 08:49:24 EDT 2003


Hello everybody. I got  this BAD TRAFFIC ALERT MESSAGE.
[**] [1:1321:5] BAD TRAFFIC 0 ttl [**]
[Classification: Misc activity] [Priority: 3]
09/12-11:00:52.460511 10.0.24.176:137 -> 10.0.31.255:137
UDP TTL:0 TOS:0x0 ID:3 IpLen:20 DgmLen:78 DF
Len: 50

I tried to find out what it means but didnt get a good explanation of it.
Could anyone tell me more about it? What is the best database to look for
alerts descriptions?
How is it possible to know whether this is a real attack or a legitimate 
action?

Thanks in advance

Henri Lima






More information about the Snort-users mailing list