Security Incidents mailing list archives

[Snort-users] bad IP traffic


From: NC Agent <NC_Agent () kueppers-familie de>
Date: Fri, 20 Jun 2003 18:01:28 +0200

My company's NIDS (i.e. Snort 2.0) has been triggering a lot of
"BAD-TRAFFIC bad frag bits" alerts for the past three or four days.
These come out when a TCP packet has both the fragment and don't_fragment
bits on.

The target of these alerts is almost always the IP address of a particular web
server (one in our server farm).
Other alerts are triggered on this target: some are common ones, such as the
Apache worm for old Apache versions, which is the usual malicious traffic,
but others are of the "bad TCP/IP traffic" type, such as anomalous TTL values
for packets.

It seems to me this could be a scan/information-gathering technique; is that
correct? Could this be a false positive? Could this be something more
dangerous?

Any help will be very much appreciated,

Cheers,

Max
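
The condition described in the message above (an IP header with both the more-fragments and don't-fragment flags set), as an added example that is not part of the original post and is not Snort's own code: it decodes raw IPv4 headers and counts contradictory-flag packets per destination, which is the first triage step when one server attracts most of the alerts. The function names, addresses and sample headers are constructed for illustration.

```python
import struct
from collections import Counter

# Flag bits in the 16-bit IPv4 flags/fragment-offset field (RFC 791).
IP_DF, IP_MF, IP_OFFMASK = 0x4000, 0x2000, 0x1FFF
HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, options ignored

def parse_ipv4(raw: bytes) -> dict:
    """Decode the header fields relevant to the alert described in the post."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _, _, _, frag, ttl, _, _, src, dst = struct.unpack(HDR, raw[:20])
    if vihl >> 4 != 4 or (vihl & 0x0F) < 5:
        raise ValueError("not an IPv4 header")
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ttl": ttl, "df": bool(frag & IP_DF), "mf": bool(frag & IP_MF),
            "offset": (frag & IP_OFFMASK) * 8}  # offset field counts 8-byte units

def bad_frag_bits(pkt: dict) -> bool:
    """True when a header says 'more fragments' and 'don't fragment' at once."""
    return pkt["df"] and pkt["mf"]

def flagged_by_destination(headers) -> Counter:
    """Count contradictory-flag packets per destination; skip unparseable input."""
    hits = Counter()
    for raw in headers:
        try:
            pkt = parse_ipv4(raw)
        except ValueError:
            continue
        if bad_frag_bits(pkt):
            hits[pkt["dst"]] += 1
    return hits

def sample(src, dst, frag, ttl=64):
    """Constructed test header (protocol 6 = TCP, checksum left at zero)."""
    return struct.pack(HDR, 0x45, 0, 40, 0x1234, frag, ttl, 6, 0, bytes(src), bytes(dst))

# Constructed input using documentation address ranges, not data from the post.
WEB = (198, 51, 100, 80)
SAMPLES = [
    sample((192, 0, 2, 10), WEB, IP_DF),                   # ordinary DF packet
    sample((192, 0, 2, 11), WEB, IP_MF),                   # legitimate first fragment
    sample((192, 0, 2, 12), WEB, IP_DF | IP_MF),           # contradictory flags
    sample((192, 0, 2, 12), WEB, IP_DF | IP_MF | 185, 3),  # same, offset 1480, TTL 3
    b"\x45\x00",                                           # truncated capture
]

print(dict(flagged_by_destination(SAMPLES)))
```

Grouping the hits by source address and TTL as well shows whether the packets come from one sender or from many.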

