[Snort-users] Strange Alert
twease at ...1935...
Wed Feb 10 09:03:39 EST 2010
On 02/10/2010 08:54 AM, Jens Link wrote:
> Nigel Houghton<nhoughton at ...1935...> writes:
>> Then if you look in the doc directory (it's in the distribution, look
>> for it) you will find the document that accompanies this event, it is
>> named 133-34.txt. (I thought the gid-sid.txt naming convention might be
> Thanks for your help Nigel,
> apparently there is no doc/signatures directory in the 126.96.36.199
> tarball. There is one in the 188.8.131.52 tarball though. I guess that's why
> I couldn't find it.
Take a look in doc/README.dcerpc2 for an explanation of that event.
It's meant to try to identify evasions where a request is fragmented
More information about the Snort-users