RE: Too many stealth alerts

["Estes, Matt CPR / FCBS" <Matt.Estes () eis army mil>]

Great, thanks Erek.  Just wanted another opinion before my eyes gloss over
once again at another non-standard MS machine causing false alarms (like
that ever happens).

Matt

> -----Original Message-----
> From: Erek Adams [mailto:erek () theadamsfamily net]
> Sent: Monday, April 15, 2002 3:28 PM
> To: Estes, Matt CPR / FCBS
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Too many stealth alerts
>
>
> On Mon, 15 Apr 2002, Estes, Matt CPR / FCBS wrote:
>
> > I routinely(!) get "Stealth" packets from talkative 
> Exchange servers... is
> > this ok?  Why would a machine possible have null flags or 
> every flag set in
> > a TCP packet.
> >
> > Hardware problems?
>
> Yep.  Running a MS OS on it.  ;-)
>
> MS has a nasty habit of not following RFC's.  Due to that in 
> many ways the
> TCP/IP stack of some boxes seems 'broken', since it's not all 
> quite standard.
> But you're right....  That's not the way it should be.  
> Something is off
> somewhere.
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users