This is a discussion on [Snort-users] What is this alert?? within the Snort forums, part of the System Security and Security Related category.
Hey All,

I keep getting this same alert over and over and over (About 5k times already since Thursday)

(spp_stream4) possible EVASIVE RST detection

I can't seem to find any useful info on it aside from that it is detecting a lot of RST requests... Is this a common alert that needs to be tweaked or am I looking at something more sinister?

Thanks!
<M>