Snort mailing list archives
Re: Incomplete Packet Fragments Discarded
From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 26 Nov 2001 17:40:50 -0500
That means that you're using the defrag preprocessor instead of the newer frag2 preprocessor and that you should switch to frag2. :) The defrag preprocessor had some fairly nasty failure modes and has since been superceded by frag2, so I'd recommend using that for now. -Marty james wrote:
Just upgraded to 1-8-2 and new ruleset, getting alot of these. Is this normal for UDP and how would I go about stopping this alert (as in commenting it out) ? Do I want to do this ? [**] [103:2:1] Incomplete Packet Fragments Discarded [**] 11/26-14:15:09.372859 198.59.109.7:0 -> 198.59.109.2:0 UDP TTL:64 TOS:0x0 ID:13359 IpLen:20 DgmLen:8348 UDP header truncated James Edwards jamesh () cybermesa com At the Santa Fe Office: Internet at Cyber Mesa Store hours: 9-6 Monday through Friday Phone support 365 days till 10 pm via the Santa Fe office: 505-988-9200 or Toll Free: 888-988-2700 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch - President, Sourcefire Inc. - (410)552-6999 roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- whitehats snortlst snortlst (Nov 23)
- <Possible follow-ups>
- Whitehats Gmlabs (Nov 26)
- Re: Whitehats Daniel F. Advanced UNIX Hosting Admin - (Nov 26)
- Incomplete Packet Fragments Discarded james (Nov 26)
- Re: Incomplete Packet Fragments Discarded Martin Roesch (Nov 26)
- Re: Whitehats Casey Allen Shobe (Nov 26)
- Re: Whitehats Daniel F. Advanced UNIX Hosting Admin - (Nov 26)