Snort mailing list archives
VPNs and TCP
From: Matt Linton <mlinton () email arc nasa gov>
Date: Wed, 28 Apr 2004 09:43:23 -0700
Greetings, everyone.Has anyone doing packet analysis taken a good look at packets traveling across VPN connections on a snort machine? I'm seeing some very odd traffic (odd enough to trigger the snort "bad packets" and "invalid packets" rulesets) and wondering if anyone else has the same experience.
Most of the time these TCP packets are heading to a VPN server from a client who is logged into the VPN. They include things like traffic to TCP port 0 and signatures matching the NMAP TCP scan.
+--------------------------------------------------- | Regards; | Matt Linton | UNIX Systems Administrator | ASANI Solutions, LLC. +--------------------------------------------------- ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10gGet certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Error compiling Snort Gary_Portnoy (Apr 28)
- Re: Error compiling Snort George Theall (Apr 28)
- VPNs and TCP Matt Linton (Apr 28)
- <Possible follow-ups>
- Re: Error compiling Snort Gary_Portnoy (Apr 30)
- Re: Error compiling Snort George Theall (Apr 28)