snort warnings
Results 1 to 3 of 3

Thread: snort warnings

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    185

    snort warnings

    I found these warnings in the snort reports:

    Code:
    Dec 2 17:04:42 gateway snort: [116:46:1] (snort_decoder) WARNING: TCP Data Offset is less than 5! {TCP} 210.95.x.y:0 -> 217.228.u.v:0
    Dec 2 17:04:45 gateway snort: [116:46:1] (snort_decoder) WARNING: TCP Header length exceeds packet length! {TCP} 210.95.x.y:0 -> 217.228.u.v:0
    Is someone able to explain ?
    thx
    Industry Kills Music.

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    It was doing sanity checking on the packet and found that it didn't add up. Possible that snort made a mistake, but more likely the person was trying to send specially crafted traffic (either heavily fragmenting to try to avoid IDS detection, or possibly to try to crash the TCP/IP stack on the victim machine).

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Stanger:

    This might help and you might want to read this too, It's not all to do with this alert but it is an interesting read.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •