[Snort-users] spp_stream4: TTL Evasion attempt

Russell Fulton r.fulton at ...3809...
Sun Nov 7 20:04:44 EST 2004

HI Folks,
	I have started to see lots of "spp_stream4: TTL Evasion attempt" alerts
on one of my sensors on our internal network. All the destination
addresses are on our dial-in pool.

So I am now trying to figure out what changed.  I don't think that this
is malicious traffic but I would like to figure out what is triggering
the alerts.

As a starter, just what type of event is the stream4 processor

Russell Fulton, Information Security Officer, The University of Auckland
New Zealand

More information about the Snort-users mailing list