[Snort-users] Strange Alert

John Gay john.gay at ...1935...
Wed Feb 10 08:36:20 EST 2010


It is a preprocessor alert from dcerpc2 - Connection-oriented DCE/RPC -
Fragment length on non-last fragment less than maximum negotiated fragment
transit size for client.

j

On Wed, Feb 10, 2010 at 7:06 AM, Jens Link <jenslink at ...348...> wrote:

> Hi,
>
> I have a snort (2.8.5.2) setup here using barnyard (2.1.7) and base
> (1.4.4). Everything works as expected except for one alert which shows
> up on base:
>
> [snort]    Snort Alert [133:34:0]    unclassified
>
> I greped /etc/snort and the source and didn't find anything. Any ideas?
>
> Jens
> --
> -------------------------------------------------------------------------
> | Foelderichstr. 40  | 13595 Berlin, Germany | +49-151-18721264         |
> | http://www.quux.de | http://blog.quux.de   | jabber: jenslink at ...14770... |
> -------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------------
> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
> http://p.sf.net/sfu/solaris-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100210/b467492b/attachment.html>


More information about the Snort-users mailing list