[Snort-users] UDP alerts with sneeze

sri harsha harsha536 at ...11827...
Fri Mar 12 01:35:56 EST 2010

   I am using snort version on linux machine. Using sneeze for
attacks, I could see alerts generated for icmp rules as attacks. But, for
UDP packets, I see the following alert messages.

[116:97:1] (snort_decoder): Short UDP packet, length field > payload length
[Priority: 3]
03/12-06:17:32.840382 ->
UDP TTL:63 TOS:0x10 ID:0 IpLen:20 DgmLen:92 DF
UDP header truncated

What can be the reason for this? Thanks for any suggestion in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100312/32fdbda2/attachment.html>

More information about the Snort-users mailing list