Snort mailing list archives
bad traffic in syn packet
From: John Hally <JHally () epnet com>
Date: Tue, 6 Sep 2005 09:10:45 -0400
Hello All,

Need a quick sanity check here. I'm seeing alerts for traffic in syn packets, and all are destined for TCP/53. Is it possible that data is being piggy-backed in the syn packet on purpose and the traffic is benign? I don't see any other anomalies to or from these hosts, but wanted to make sure that I'm not overlooking something obvious.

Thanks in advance!

John.
Current thread:
- bad traffic in syn packet John Hally (Sep 06)
- Re: [Snort-sigs] bad traffic in syn packet Frank Knobbe (Sep 07)
- Re: bad traffic in syn packet Brian Coyle (Sep 19)
