Snort mailing list archives
(spp_frag3) Short fragment, possible DoS attempt
From: "Graham, Robert" <rgraham () mem-ins com>
Date: Tue, 6 Dec 2005 10:22:55 -0600
After upgrading to version 2.4.3 we are getting alot of (spp_frag3) Short fragment, possible DoS Attempt alerts. These alerts are only between two internal hosts (a Redhat AS server and an old Digital Alpha). The alerts are being triggered by NFS traffic between the two hosts. Since this seems to be a preprocessor engine that is detecting this traffic, can snort.conf be modified to ignore these packets and how would I go about doing this? Thanks In advance Robert Graham
Current thread:
- (spp_frag3) Short fragment, possible DoS attempt Graham, Robert (Dec 06)