[Snort-users] VPNs and TCP

Matt Linton mlinton at ...10499...
Wed Apr 28 09:44:05 EDT 2004

Greetings, everyone.

Has anyone doing packet analysis taken a good look at packets traveling
across VPN connections on a Snort machine? I'm seeing some very odd
traffic (odd enough to trigger the Snort "bad packets" and "invalid
packets" rulesets) and wondering if anyone else has the same experience.

Most of the time these TCP packets are heading to a VPN server from a 
client who is logged into the VPN. They include things like traffic to 
TCP port 0 and signatures matching the NMAP TCP scan.

| Regards;
| Matt Linton
| UNIX Systems Administrator
| ASANI Solutions, LLC.

