Snort mailing list archives
RE: New stream 4 messages in 2.0
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Mon, 21 Apr 2003 08:06:19 -0600
config disable_ttcp_alerts -----Original Message----- From: Chris Green [mailto:cmg () sourcefire com] Sent: Monday, April 21, 2003 7:03 AM To: Russell Fulton Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] New stream 4 messages in 2.0 Russell Fulton <r.fulton () auckland ac nz> writes:
Hi All, We have just upgraded to 2.0 and are seeing lots of alerts for
these:
(snort_decoder) WARNING: TCP Data Offset is less than 5! (snort_decoder): T/TCP Detected Just what triggers these alerts and is there any way to turn them off? BTW all the "TCP Data Offset is less than 5!" come from three Akamai boxes housed on our DMZ :( Those things seem to bend all the rules to breaking point, sigh...
Mind sending me a packet dump to see what these things are doing? :)
The "T/TCP Detected" all seem to be from incoming connections.
2.0.0: config disable_ttcp_alerts 2.0.x also accepts config disable_tcpopt_ttcp_alerts -- Chris Green <cmg () sourcefire com> Laugh and the world laughs with you, snore and you sleep alone. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- New stream 4 messages in 2.0 Russell Fulton (Apr 15)
- Re: New stream 4 messages in 2.0 Chris Green (Apr 21)
- <Possible follow-ups>
- RE: New stream 4 messages in 2.0 Slighter, Tim (Apr 21)