[Snort-users] spp_stream4: TTL Evasion attempt
r.fulton at ...3809...
Sun Nov 7 20:04:44 EST 2004
I have started to see lots of "spp_stream4: TTL Evasion attempt" alerts
on one of my sensors on our internal network. All the destination
addresses are on our dial-in pool.
So I am now trying to figure out what changed. I don't think that this
is malicious traffic but I would like to figure out what is triggering
As a starter, just what type of event is the stream4 processor
Russell Fulton, Information Security Officer, The University of Auckland
More information about the Snort-users