Snort mailing list archives
how to stop these UDP TCP alerts?
From: Clayton Mascarenhas <masclaythesnort () yahoo com>
Date: Mon, 22 Sep 2003 13:30:27 -0700 (PDT)
Hi all,

I know this question has been asked before, but I cannot find the answer to this. I have really searched Google and the mailing list but still can't find the answer to this question.

Could I please know how to stop snort 2.0.2 from generating the following alerts...

[**] (snort_decoder): Short UDP packet, length field > payload length [**]
01/29-01:00:18.399475 132.x.x.x:0 -> 132.x.x.x:0
UDP TTL:128 TOS:0x0 ID:15667 IpLen:20 DgmLen:161
Len: 133

[**] (snort_decoder) WARNING: TCP Header length exceeds packet length! [**]
01/29-01:00:09.082724 132.x.x.x:0 -> 132.x.x.x:0
TCP TTL:60 TOS:0x0 ID:57434 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x21676561 Ack: 0xCECE0987 Win: 0xC036 TcpLen: 32

I am getting a million of these alerts. I don't think there is any snort rule to this. Am I correct?

Thank you.

Clayton Mascarenhas
Current thread:
- how to stop these UDP TCP alerts? Clayton Mascarenhas (Sep 22)
- Re: how to stop these UDP TCP alerts? Erek Adams (Sep 23)
- Re: how to stop these UDP TCP alerts? jlarsson (Sep 24)
- Re: how to stop these UDP TCP alerts? Erek Adams (Sep 24)
- Re: how to stop these UDP TCP alerts? jlarsson (Sep 24)
- Re: how to stop these UDP TCP alerts? Phil Wood (Sep 25)
- Re: how to stop these UDP TCP alerts? jlarsson (Sep 24)
- Re: how to stop these UDP TCP alerts? Erek Adams (Sep 23)