Snort mailing list archives
RE: Snort Alert Help for Rule : SID=2
From: "Jeff Dell" <jdell () activeworx com>
Date: Thu, 4 Dec 2003 12:00:43 -0500
That would be the Stream 4 Preprocessor that is creating the alert.

Check out:
http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.4.5

The option "detect_state_problems" is what is triggering this event.

Jeff

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Naman Latif
Sent: Thursday, December 04, 2003 11:39 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort Alert Help for Rule : SID=2

Hi,
Can someone explain this alert?

++++++++ spp_stream4: Evasive Reset Packet ++++++++

Snort SID for as stored in database is 2, however I couldn't find any documentation for this.
Does it mean a TCP packet with RESET Flag set?
How can I disable this alert?

Regards \\ Naman

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
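
Following the reply above, one way to find where "detect_state_problems" is enabled in a snort.conf and produce the directive without it. This is an added example, not part of the original thread; it assumes the `preprocessor stream4: option, option value` directive form, and the sample config and function names are constructed for illustration.

```python
import re

# Constructed snort.conf excerpt for illustration (not from the thread).
SAMPLE_CONF = """\
# preprocessor stream4: detect_scans, detect_state_problems
preprocessor frag2
preprocessor stream4: detect_scans, detect_state_problems, timeout 60
preprocessor stream4_reassemble: both
"""

# Active stream4 directive only: commented-out lines and
# stream4_reassemble do not match.
STREAM4 = re.compile(r"^\s*preprocessor\s+stream4\s*(?::\s*(.*?))?\s*$")


def parse_stream4_options(line):
    """Return the option list of an active stream4 directive, else None."""
    m = STREAM4.match(line)
    if m is None:
        return None
    return [o.strip() for o in (m.group(1) or "").split(",") if o.strip()]


def drop_option(conf_text, option="detect_state_problems"):
    """Return (line numbers that enabled `option`, config text without it)."""
    hits, out = [], []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        opts = parse_stream4_options(line)
        # Options may carry a value ("timeout 60"), so compare the keyword only.
        if opts is not None and any(o.split()[0] == option for o in opts):
            hits.append(lineno)
            kept = [o for o in opts if o.split()[0] != option]
            line = "preprocessor stream4" + (": " + ", ".join(kept) if kept else "")
        out.append(line)
    return hits, "\n".join(out) + "\n"


if __name__ == "__main__":
    hits, fixed = drop_option(SAMPLE_CONF)
    print("detect_state_problems enabled on line(s):", hits)
    print(fixed, end="")
```

"detect_state_problems" covers more stream4 state events than this one alert, so removing it silences those as well.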