[Snort-users] Short UDP Packet

FG12sqTSS at ...661... FG12sqTSS at ...661...
Tue Feb 24 06:59:08 EST 2004


Snort 2.1 produces alerts "Short UDP Packet" Length field > payload length.  
All alerts are from various a.b.c.d:0 -> e.f.g.h:0, where DST is frequently a 
broadcast address.  TTL=128; ID# increments normally; Dgmlen=265.  The network 
is 100% MS windows and Cisco.  

What traffic generates this as a potentially hostile packet vs. acceptable 
use?

Fred Gross III
Total System Security, LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040224/66708bb6/attachment.html>


More information about the Snort-users mailing list