Snort mailing list archives
Possible Retrans & Evasive RST's
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Sun, 26 Aug 2001 22:58:47 -0400
Hello, I just upgraded to Snort 1.8 RELEASE version and am seeing a ton of "Possible Restransmission detection" and "Evasive RST detection" alerts coming from one node on our internal network going to many external hosts on the Internet. My questions: 1. What do these alerts mean? I can't seem to find any detailed info on them. I know they come from the stream processor but thats about all I know. I see this from many other interal nodes as well. 2. I see many messages in the SNort mailing list that mention changing the params on the preprocessor to avoid these types of messages. Why have this preprocessor if everyone is going to bypass it? Thanks _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Possible Retrans & Evasive RST's Sheahan, Paul (PCLN-NW) (Aug 26)
- Re: Possible Retrans & Evasive RST's Erek Adams (Aug 27)