[Snort-users] Re: bad traffic in syn packet
brian at ...8398...
Mon Sep 19 09:03:13 EDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
[snort-sigs dropped from reply as it's OT for that list]
On Tuesday 06 September 2005 09:10, John Hally wrote:
> Need a quick sanity check here. I'm seeing alerts for traffic in syn
> packets, and all are destined for TCP/53. Is it possible that data is
> being piggy-backed in the syn packet on purpose and the traffic is benign?
> I don't see any other anomalies to or from these hosts, but wanted to make
> sure that I'm not overlooking something obvious.
Take a look at this analysis and see if it matches your traffic-
Redundancy? You can say that again!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Brian Coyle, GCIA http://www.giac.org/GCIA.php
-----END PGP SIGNATURE-----
More information about the Snort-users