-
snort warnings
I found these warnings in the snort reports:
Code:
Dec 2 17:04:42 gateway snort: [116:46:1] (snort_decoder) WARNING: TCP Data Offset is less than 5! {TCP} 210.95.x.y:0 -> 217.228.u.v:0
Dec 2 17:04:45 gateway snort: [116:46:1] (snort_decoder) WARNING: TCP Header length exceeds packet length! {TCP} 210.95.x.y:0 -> 217.228.u.v:0
Is someone able to explain?
thx
-
It was doing sanity checking on the packet and found that it didn't add up. Possible that snort made a mistake, but more likely the person was trying to send specially crafted traffic (either heavily fragmenting to try to avoid IDS detection, or possibly to try to crash the TCP/IP stack on the victim machine).
/nebulus
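
The two header sanity checks behind these warnings, as an added example that is not part of the original posts and is not Snort's own decoder code. The names `tcp_sanity`, `make_segment` and the `tcp_check` enum are hypothetical, and the sample segments are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCP_MIN_HDR 20  /* fixed TCP header: 5 words of 32 bits */

enum tcp_check {
    TCP_OK = 0,
    TCP_TRUNCATED,        /* fewer than 20 bytes available */
    TCP_OFFSET_LT_5,      /* "TCP Data Offset is less than 5!" */
    TCP_HDR_EXCEEDS_PKT   /* "TCP Header length exceeds packet length!" */
};

/* seg points at the first byte of the TCP header; len is the number of
 * bytes the IP layer says belong to this segment (hypothetical helper). */
enum tcp_check tcp_sanity(const uint8_t *seg, size_t len)
{
    if (seg == NULL || len < TCP_MIN_HDR)
        return TCP_TRUNCATED;

    /* Byte 12, upper nibble: data offset, counted in 32-bit words. */
    unsigned doff = seg[12] >> 4;
    if (doff < 5)
        return TCP_OFFSET_LT_5;      /* header claims to be under 20 bytes */

    size_t hdr_len = (size_t)doff * 4;
    if (hdr_len > len)
        return TCP_HDR_EXCEEDS_PKT;  /* options would run past the packet */

    return TCP_OK;
}

/* Constructed sample: zeroed header (ports 0) with the given data offset. */
void make_segment(uint8_t *buf, size_t buflen, unsigned doff)
{
    for (size_t i = 0; i < buflen; i++) buf[i] = 0;
    buf[12] = (uint8_t)(doff << 4);
}

int main(void)
{
    static const char *names[] = {"ok", "truncated", "data offset < 5",
                                  "header exceeds packet"};
    unsigned offsets[] = {5, 2, 8};
    uint8_t seg[20];
    for (size_t i = 0; i < 3; i++) {
        make_segment(seg, sizeof seg, offsets[i]);
        printf("doff=%u -> %s\n", offsets[i], names[tcp_sanity(seg, sizeof seg)]);
    }
    return 0;
}
```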
-
Stanger:
This might help, and you might want to read this too. It's not all to do with this alert, but it is an interesting read.