[Snort-users] how to stop these UDP TCP alerts?

Clayton Mascarenhas masclaythesnort at ...131...
Mon Sep 22 13:31:22 EDT 2003

Hi all,
I know this question has been asked before, but I cannot find the answer to this. I have really searched google and the mailing list but still cant find the answer to this question.
Could I please know how to stop snort 2.0.2 from generating the following alerts...

[**] (snort_decoder): Short UDP packet, length field > payload length [**] 01/29-01:00:18.399475 132.x.x.x:0 -> 132.x.x.x:0 UDP TTL:128 TOS:0x0 ID:15667 IpLen:20 DgmLen:161Len: 133

[**] (snort_decoder) WARNING: TCP Header length exceeds packet length! [**]01/29-01:00:09.082724 132.x.x.x:0 -> 132.x.x.x:0 TCP TTL:60 TOS:0x0 ID:57434 IpLen:20 DgmLen:52 DF ***A**** Seq: 0x21676561 Ack: 0xCECE0987 Win: 0xC036 TcpLen: 32

I am getting a million of these alerts. I dont think there is any snort rule to this. Am I correct?

Thank you.

Clayton Mascarenhas

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030922/1f9267aa/attachment.html>

More information about the Snort-users mailing list