Snort mailing list archives
Re: Strange Alerts
From: Brett.Gillett () tsx com
Date: Wed, 23 Apr 2003 10:52:46 -0400
Me again,
Found my answer on how to disable these, but what exactly is a T/TCP
packet?
Brett
Brett.Gillett () tsx com
Sent by: snort-users-admin () lists sourceforge net
22/04/2003 01:19 PM
To: snort-users () lists sourceforge net
cc:
Subject: [Snort-users] Strange Alerts
Hey everyone,
I have a question regarding alerts that we started to receive once we
upgraded to Snort 2.0. It seems that all of our sensors started generating
T/TCP Detected alerts:
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
04/22-13:16:28.246763 AAA.AAA.AAA.AAA:0 -> BBB.BBB.BBB.BBB:0
TCP TTL:58 TOS:0x0 ID:24222 IpLen:20 DgmLen:68 DF
******S* Seq: 0xDD50750C Ack: 0x93F8748B Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 1380 NOP WS: 0 NOP NOP TS: 191472669 0
TCP Options => NOP NOP CCNEW: 47828988
Anyone have any ideas on what this is?
Thanks,
Brett
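The alert above lists a CCNEW TCP option, one of the three connection-count options that T/TCP (RFC 1644) adds to TCP. As an added example, not part of the original post and not Snort's own decoder code, this Python sketch rebuilds the option bytes from the values printed in the alert and flags the T/TCP option kinds (11, 12, 13); the function names are hypothetical.

```python
import struct

# T/TCP connection-count option kinds (RFC 1644); names as Snort prints them.
TTCP_KINDS = {11: "CC", 12: "CCNEW", 13: "CCECHO"}
NAMES = {2: "MSS", 3: "WS", 4: "SackOK", 5: "Sack", 8: "TS", **TTCP_KINDS}

def parse_tcp_options(raw: bytes):
    """Walk the TCP option list; return [(kind, name, value_bytes)]."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # EOL: nothing after this is an option
            opts.append((0, "EOL", b""))
            break
        if kind == 1:                      # NOP: single byte, no length field
            opts.append((1, "NOP", b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        opts.append((kind, NAMES.get(kind, f"kind{kind}"), raw[i + 2:i + length]))
        i += length
    return opts

def ttcp_options(raw: bytes):
    """Return [(name, connection_count)] for each T/TCP option present."""
    found = []
    for kind, name, value in parse_tcp_options(raw):
        if kind in TTCP_KINDS:
            if len(value) != 4:
                raise ValueError(f"{name} must carry a 4-byte count")
            found.append((name, struct.unpack("!I", value)[0]))
    return found

# Constructed sample: the 28 option bytes rebuilt from the alert's printed values
# (MSS 1380, NOP, WS 0, NOP NOP, TS 191472669 0, NOP NOP, CCNEW 47828988).
SAMPLE = (struct.pack("!BBH", 2, 4, 1380) + b"\x01"
          + struct.pack("!BBB", 3, 3, 0) + b"\x01\x01"
          + struct.pack("!BBII", 8, 10, 191472669, 0) + b"\x01\x01"
          + struct.pack("!BBI", 12, 6, 47828988))

if __name__ == "__main__":
    print(len(SAMPLE), [name for _, name, _ in parse_tcp_options(SAMPLE)])
    print(ttcp_options(SAMPLE))
```

The 28 bytes match the alert's TcpLen of 48 (a 20-byte base header plus options), and the nine parsed entries match the "TCP Options (9)" count.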
