[Snort-users] UDP alerts with sneeze

sri harsha harsha536 at ...11827...
Fri Mar 12 01:35:56 EST 2010


Hi,
   I am using snort 2.8.5.2 version on linux machine. Using sneeze for
attacks, I could see alerts generated for icmp rules as attacks. But, for
UDP packets, I see the following alert messages.

[116:97:1] (snort_decoder): Short UDP packet, length field > payload length
[**]
[Priority: 3]
03/12-06:17:32.840382 76.0.0.10:0 -> 4.4.4.10:0
UDP TTL:63 TOS:0x10 ID:0 IpLen:20 DgmLen:92 DF
UDP header truncated

What can be the reason for this? Thanks for any suggestion in advance.

Thanks,
Sriharsha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100312/32fdbda2/attachment.html>


More information about the Snort-users mailing list