From: Tim Walberg <twalberg@mindspring.com>
To: Dale Amon <amon@vnl.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Vger triggering alerts
Date: Tue, 28 Aug 2001 20:59:29 -0500
Message-ID: <20010828205929.C1878@mindspring.com>
In-Reply-To: <OF24A34168.0F477E02-ON85256B29.0052E00A@raleigh.ibm.com> <20010829015050.F27869@vnl.com>
In-Reply-To: <20010829015050.F27869@vnl.com> from Dale Amon on 08/28/2001 19:50
I've seen similar from a number of sites. You might want
to run the packets through ethereal or tcpdump or similar
to verify it, but the ones I've investigated have ended up
being ECN packets - seems snort isn't yet smart enough to
understand the ECN extensions to TCP...
tw
On 08/29/2001 01:50 +0100, Dale Amon wrote:
>> Anyone have an idea why I'd be getting these snort alerts
>> from vger mail transactions?
>>
>> [**] [111:4:1] spp_stream4: WINDOW VIOLATION detection [**]
>> 08/27-01:01:27.806453 199.183.24.194:45473 -> 194.46.0.61:25
>> TCP TTL:49 TOS:0x0 ID:25963 IpLen:20 DgmLen:74 DF
>> ***AP*** Seq: 0x3DFC914F Ack: 0xC8CF2D66 Win: 0x16D0 TcpLen: 32
>> TCP Options (3) => NOP NOP TS: 137819194 96190743
>>
>> --
>> ------------------------------------------------------
>> Use Linux: A computer      Dale Amon, CEO/MD
>> is a terrible thing        Village Networking Ltd
>> to waste.                  Belfast, Northern Ireland
>> ------------------------------------------------------
>> -
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at http://www.tux.org/lkml/
End of included message
--
twalberg@mindspring.com
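
Added example, not part of the original message: one way to check whether a captured packet carries ECN signalling when triaging an alert like the one quoted above. It decodes the IP ECN codepoint and the TCP CWR/ECE bits as defined in RFC 3168; the function names ecn_summary and build are hypothetical and the sample packets are constructed.

```python
import struct

# TCP flag bits in byte 13 of the TCP header; CWR and ECE are the two
# bits RFC 3168 took from the formerly reserved field.
TCP_FLAGS = [(0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
             (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]
IP_ECN = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}


def ecn_summary(packet: bytes) -> dict:
    """Decode the ECN-related fields of a raw IPv4/TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    bits = packet[ihl + 13]
    flags = [name for mask, name in TCP_FLAGS if bits & mask]
    syn, ack = "SYN" in flags, "ACK" in flags
    cwr, ece = "CWR" in flags, "ECE" in flags
    if syn and not ack and cwr and ece:
        kind = "ECN-setup SYN"
    elif syn and ack and ece and not cwr:
        kind = "ECN-setup SYN-ACK"
    elif cwr or ece:
        kind = "ECN signalling on established flow"
    else:
        kind = "no TCP ECN bits"
    # The IP-level ECN codepoint is the low two bits of the old TOS byte.
    return {"ip_ecn": IP_ECN[packet[1] & 0x03], "flags": flags, "kind": kind}


def build(tos: int, tcp_flags: int) -> bytes:
    """Constructed sample: minimal IPv4 + TCP headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 1, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, 1, 0, 0x50, tcp_flags,
                      5840, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    # Constructed (TOS, TCP flag byte) pairs covering each classification.
    for tos, fl in [(0x00, 0xC2), (0x00, 0x52), (0x02, 0x18), (0x03, 0x58)]:
        print(ecn_summary(build(tos, fl)))
```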