[Snort-users] Alert with no data

Al Lewis (allewi) allewi at ...589...
Wed Feb 18 14:41:36 EST 2015


Hello,

                Can you provide a conf file and the command you are using to start snort?

Also some sample traffic that is triggering the events if possible.

Thanks!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...

From: Beto C [mailto:beto.cuevas.v at ...11827...]
Sent: Wednesday, February 18, 2015 2:33 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Alert with no data

Hello everyone,
I have noticed that my implementation of snort has generated alerts with no data and ever show how source and destination IP 0.0.0.0.
I have no idea what may be happening. This only happens, for the moment, with alert POLICY-ICMP Truncated ICMPv6 denial of service attempt (27611). The server logs, do not show anything that might help. Hope you can help.
Best regards

Alberto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150218/f5e68051/attachment.html>


More information about the Snort-users mailing list