[Snort-users] frag3: Fragmentation overlap

Justin Heath justin.heath at ...11827...
Mon Sep 25 14:27:12 EDT 2006

Check out:


There are a couple of references in the frag3 section of the manual (first
link above) that are worth following. Also, a google search for
"fragmentation attacks" should give you some info.


On 9/25/06, Paul Schmehl <pauls at ...6838...> wrote:
> Can anyone explain exactly what this alert means?  (Other than the fact
> that the packets are being fragmented and there is overlap?)  Is it the
> prelude to an attack?  A misconfigured host?
> Paul Schmehl (pauls at ...6838...)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060925/1dabf4f7/attachment.html>

More information about the Snort-users mailing list