Snort mailing list archives

Previous By Date Next
Previous By Thread Next

VPNs and TCP

From: Matt Linton <mlinton () email arc nasa gov>
Date: Wed, 28 Apr 2004 09:43:23 -0700

Greetings, everyone.
Has anyone doing packet analysis taken a good look at packets traveling across VPN connections on a snort machine? I'm seeing some very odd traffic (odd enough to trigger the snort "bad packets" and "invalid packets" rulesets) and wondering if anyone else has the same experience.
Most of the time these TCP packets are heading to a VPN server from a client who is logged into the VPN. They include things like traffic to TCP port 0 and signatures matching the NMAP TCP scan. 



+---------------------------------------------------
| Regards;
| Matt Linton
| UNIX Systems Administrator
| ASANI Solutions, LLC.
+---------------------------------------------------




-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: