No subject


Thu Nov 23 16:36:19 EST 2017


does not fiddle with the TCP flags.

> > [**] IDS029 - SCAN-Possible Queso Fingerprint attempt [**]
> > 09/26-18:09:03.858555 149.221.232.4:1069 -> xx.xxx.x.xxx:25
> > TCP TTL:49 TOS:0x0 ID:0  DF
> > 21S***** Seq: 0x214F4222   Ack: 0x0   Win: 0x16D0
> > TCP Options => MSS: 1460 SackOK TS: 60719014 0 NOP WS: 0 

Here, both uppermost TCP flag bits are set, but the TOS is 0.

Erich
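
Added example (not part of the message above, nor Snort's own code): a small Python decoder for the quoted alert that recovers the TCP flags byte and the TOS byte and checks the two observations made above. The "21SFRPAU" column order is an assumption inferred from the "21S*****" field in the alert, and the reading as an ECN-setup SYN comes from RFC 3168, not from the message.

```python
import re

# Constructed from the alert quoted in the message (quote markers removed).
ALERT = """\
[**] IDS029 - SCAN-Possible Queso Fingerprint attempt [**]
09/26-18:09:03.858555 149.221.232.4:1069 -> xx.xxx.x.xxx:25
TCP TTL:49 TOS:0x0 ID:0  DF
21S***** Seq: 0x214F4222   Ack: 0x0   Win: 0x16D0
TCP Options => MSS: 1460 SackOK TS: 60719014 0 NOP WS: 0
"""

# Assumption: flag column order "21SFRPAU", inferred from "21S*****" above.
# Bit values are those of TCP header byte 13; RFC 3168 names the two
# uppermost bits CWR (0x80) and ECE (0x40).
FLAG_BITS = [("2", 0x80), ("1", 0x40), ("S", 0x02), ("F", 0x01),
             ("R", 0x04), ("P", 0x08), ("A", 0x10), ("U", 0x20)]

def decode_flags(field):
    """Turn Snort's 8-character flag column into the TCP flags byte."""
    if len(field) != len(FLAG_BITS):
        raise ValueError("flag field must be 8 characters: %r" % field)
    value = 0
    for char, (letter, bit) in zip(field, FLAG_BITS):
        if char == letter:
            value |= bit
        elif char != "*":
            raise ValueError("unexpected %r in flag field %r" % (char, field))
    return value

def parse_alert(text):
    """Extract the TOS byte and TCP flags byte from one alert record."""
    tos = re.search(r"\bTOS:(0x[0-9A-Fa-f]+)", text)
    flags = re.search(r"^([21SFRPAU*]{8}) Seq:", text, re.M)
    if not tos or not flags:
        raise ValueError("not a TCP alert record")
    return {"tos": int(tos.group(1), 16), "flags": decode_flags(flags.group(1))}

def classify(rec):
    """Describe a packet whose two uppermost flag bits caught the rule."""
    high = rec["flags"] & 0xC0   # the two uppermost flag bits
    rest = rec["flags"] & 0x3F   # the six classic flags
    if high == 0:
        return "no high flag bits set"
    if high == 0xC0 and rest == 0x02 and rec["tos"] & 0x03 == 0:
        return "SYN with CWR+ECE and a zero IP ECN field (RFC 3168 ECN-setup SYN)"
    return "high flag bits set outside an ECN-setup SYN"
```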



More information about the Snort-users mailing list