Snort mailing list archives
stream4 question
From: "Merrill, Bill (CHS)" <Bill.Merrill () state ma us>
Date: Thu, 7 Aug 2003 09:08:02 -0400
I have racked my brain, and cannot think of a way to filter the following out. I am not a programmer, and editing the header file scared me a bit. Besides fixing the problem with the terminal itself, an old Unisys LT300, can I actually filter the following with a rule somehow?

I am running Snort 2.0.1 on a RH9 sensor. I am using Snortcenter to manage rules and ACID to display the information from the MySQL database.

[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
08/07-08:48:46.256474 x.x.x.x:2667 -> x.x.x.x:23
TCP TTL:254 TOS:0x0 ID:24 IpLen:20 DgmLen:44
****P*S* Seq: 0x63 Ack: 0x0 Win: 0x572 TcpLen: 24
TCP Options (1) => MSS: 1394

[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
08/07-08:48:56.673113 x.x.x.x:2399 -> x.x.x.x:23
TCP TTL:254 TOS:0x0 ID:32 IpLen:20 DgmLen:44
****P*S* Seq: 0x63 Ack: 0x0 Win: 0x572 TcpLen: 24
TCP Options (1) => MSS: 1394

[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
08/07-08:48:56.730540 x.x.x.x:2667 -> x.x.x.x:23
TCP TTL:254 TOS:0x0 ID:33 IpLen:20 DgmLen:44
****P*S* Seq: 0x63 Ack: 0x0 Win: 0x572 TcpLen: 24
TCP Options (1) => MSS: 1394

Hopefully this is appropriate information to post to the list. I appreciate any input you might have.

-bill