From: Tim Walberg <twalberg@mindspring.com>
To: Dale Amon <amon@vnl.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Vger triggering alerts
Date: Tue, 28 Aug 2001 20:59:29 -0500
Message-ID: <20010828205929.C1878@mindspring.com>
In-Reply-To: <OF24A34168.0F477E02-ON85256B29.0052E00A@raleigh.ibm.com> <20010829015050.F27869@vnl.com>
In-Reply-To: <20010829015050.F27869@vnl.com> from Dale Amon on 08/28/2001 19:50
I've seen similar from a number of sites. You might want
to run the packets through ethereal or tcpdump or similar
to verify it, but the ones I've investigated have ended up
being ECN packets - seems snort isn't yet smart enough to
understand the ECN extensions to TCP...
tw
On 08/29/2001 01:50 +0100, Dale Amon wrote:
>> Anyone have an idea why I'd be getting these snort alerts
>> from vger mail transactions?
>>
>> [**] [111:4:1] spp_stream4: WINDOW VIOLATION detection [**]
>> 08/27-01:01:27.806453 199.183.24.194:45473 -> 194.46.0.61:25
>> TCP TTL:49 TOS:0x0 ID:25963 IpLen:20 DgmLen:74 DF
>> ***AP*** Seq: 0x3DFC914F Ack: 0xC8CF2D66 Win: 0x16D0 TcpLen: 32
>> TCP Options (3) => NOP NOP TS: 137819194 96190743
>>
>> --
>> ------------------------------------------------------
>> Use Linux: A computer Dale Amon, CEO/MD
>> is a terrible thing Village Networking Ltd
>> to waste. Belfast, Northern Ireland
>> ------------------------------------------------------
>> -
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at http://www.tux.org/lkml/
End of included message
--
twalberg@mindspring.com
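
One way to run the check suggested in the message above on a captured packet, as an added example that is not part of the original email: it reads the ECN bits defined by RFC 3168 from a raw IPv4/TCP header. The function names, the documentation-range addresses and the packets built by `build` are constructed for illustration.

```python
import struct

# TCP flag bits (byte 13 of the TCP header). CWR and ECE were reserved bits
# before RFC 3168. Matching tcpdump capture filter: 'tcp[13] & 0xc0 != 0'
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
IP_ECN = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}  # low 2 bits of TOS


def ecn_report(pkt: bytes) -> dict:
    """Parse a raw IPv4 packet carrying TCP and report its ECN signalling."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("bad IP header length or truncated TCP header")
    flags = pkt[ihl + 13]
    ece, cwr = bool(flags & ECE), bool(flags & CWR)
    if flags & SYN and not flags & ACK and ece and cwr:
        role = "ECN-setup SYN"          # initiator offers ECN
    elif flags & SYN and flags & ACK and ece and not cwr:
        role = "ECN-setup SYN-ACK"      # responder accepts ECN
    elif ece or cwr:
        role = "ECN feedback on established connection"
    else:
        role = "no TCP ECN bits"
    return {"ip_ecn": IP_ECN[pkt[1] & 0x03], "ece": ece, "cwr": cwr,
            "window": struct.unpack_from("!H", pkt, ihl + 14)[0], "role": role}


def build(tos: int, flags: int, window: int = 0x16D0) -> bytes:
    """Constructed 40-byte test packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    tcp = struct.pack("!HHIIBBHHH", 45473, 25, 1, 0, 5 << 4, flags, window, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    for tos, flags in [(0x00, SYN | ECE | CWR), (0x00, SYN | ACK | ECE),
                       (0x02, ACK | PSH), (0x03, ACK | ECE)]:
        print(ecn_report(build(tos, flags)))
```
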