[Snort-users] spp_stream4: TTL Evasion attempt

Russell Fulton r.fulton at ...3809...
Sun Nov 7 20:04:44 EST 2004


HI Folks,
	I have started to see lots of "spp_stream4: TTL Evasion attempt" alerts
on one of my sensors on our internal network. All the destination
addresses are on our dial-in pool.

So I am now trying to figure out what changed.  I don't think that this
is malicious traffic but I would like to figure out what is triggering
the alerts.

As a starter, just what type of event is the stream4 processor
reporting?

-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand





More information about the Snort-users mailing list