Snort mailing list archives
Re: snort_decoder
From: Joel Esler <eslerj () gmail com>
Date: Sun, 17 Jul 2005 19:26:20 -0400
No, they are decoder "errors" telling you that a packet that has "tcp options" "with bad lengths" has been found and that (maybe in another packet) the tcp options have been truncated.
Most people I know shut these off. You can find out how to shut these off in the snort.conf or in the snort manual.
joel

On Jul 17, 2005, at 4:17 PM, Angelita de Cássia Corrêa wrote:
Do these alerts mean false positives?
(snort_decoder): Tcp Options found with bad lengths
(snort_decoder): Truncated Tcp Options
Thanks
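
The two conditions named in these alerts, as an added example that is not part of the original thread and is not Snort's decoder source: a simplified Python walk over the raw TCP options bytes of one segment. The function name, the table of fixed option lengths, the sample bytes, and the mapping of each condition to each alert text are assumptions made for illustration.

```python
# Added illustration: simplified TCP options walker (not Snort's own code).
BAD_LEN = "Tcp Options found with bad lengths"
TRUNCATED = "Truncated Tcp Options"

# Option kinds whose length is fixed by the RFCs:
# 2 = MSS, 3 = window scale, 4 = SACK permitted, 8 = timestamps.
FIXED_LEN = {2: 4, 3: 3, 4: 2, 8: 10}


def check_tcp_options(opts: bytes) -> list:
    """Return [(offset, kind, message)] for the first malformed option, else []."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List: stop parsing
            break
        if kind == 1:            # NOP: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts):   # kind byte present, length byte missing
            return [(i, kind, TRUNCATED)]
        length = opts[i + 1]
        # A length below 2 cannot cover the kind and length bytes themselves
        # (and a length of 0 would loop forever); fixed-size kinds must match.
        if length < 2 or (kind in FIXED_LEN and length != FIXED_LEN[kind]):
            return [(i, kind, BAD_LEN)]
        if i + length > len(opts):   # option claims bytes past the options area
            return [(i, kind, TRUNCATED)]
        i += length
    return []


if __name__ == "__main__":
    # Constructed sample option strings (hex), not captured traffic.
    samples = {
        "well-formed (MSS, NOP, WS)": "020405b401030307",
        "MSS with length 3": "020305b4",
        "timestamps with length 0": "01010800",
        "timestamps cut short": "0101080a00000001",
    }
    for name, hexstr in samples.items():
        print(name, "->", check_tcp_options(bytes.fromhex(hexstr)) or "ok")
```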