Snort mailing list archives

Previous By Date Next
Previous By Thread Next

spp_stream4: TTL Evasion attempt

From: Russell Fulton <r.fulton () auckland ac nz>
Date: Mon, 08 Nov 2004 14:23:47 +1300
HI Folks,
        I have started to see lots of "spp_stream4: TTL Evasion attempt" alerts
on one of my sensors on our internal network. All the destination
addresses are on our dial-in pool.

So I am now trying to figure out what changed.  I don't think that this
is malicious traffic but I would like to figure out what is triggering
the alerts.

As a starter, just what type of event is the stream4 processor
reporting?

-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand



-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: