Snort mailing list archives

New stream 4 messages in 2.0

From: Russell Fulton <r.fulton () auckland ac nz>
Date: 16 Apr 2003 16:03:57 +1200

Hi All,
        We have just upgraded to 2.0 and are seeing lots of alerts for these:

(snort_decoder) WARNING: TCP Data Offset is less than 5!
(snort_decoder): T/TCP Detected

Just what triggers these alerts and is there any way to turn them off?

BTW all the "TCP Data Offset is less than 5!" come from three Akamai
boxes housed on our DMZ :(  Those things seem to bend all the rules to
breaking point, sigh...

The "T/TCP Detected" all seem to be from incoming connections.

Russell.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

New stream 4 messages in 2.0 Russell Fulton (Apr 15)
- Re: New stream 4 messages in 2.0 Chris Green (Apr 21)
- <Possible follow-ups>
- RE: New stream 4 messages in 2.0 Slighter, Tim (Apr 21)