Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Possible Retrans & Evasive RST's

From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Sun, 26 Aug 2001 22:58:47 -0400
Hello,

I just upgraded to Snort 1.8 RELEASE version and am seeing a ton of
"Possible Restransmission detection" and "Evasive RST detection" alerts
coming from one node on our internal network going to many external hosts on
the Internet.

My questions:

1. What do these alerts mean? I can't seem to find any detailed info on
them. I know they come from the stream processor but thats about all I know.
I see this from many other interal nodes as well.

2. I see many messages in the SNort mailing list that mention changing the
params on the preprocessor to avoid these types of messages. Why have this
preprocessor if everyone is going to bypass it?

Thanks

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: