Re: Port 0 packets

From: Andreas Östling (andreasoit.su.se)
Date: Fri Jul 25 2003 - 13:18:38 CDT


On Thu, 24 Jul 2003, Dave Paris wrote:

> Our IDS spotted another TCP port 0 packet at 19:59pm UTC today
> (Thursday). Headers follow:
>
> [**] (snort_decoder): T/TCP Detected [**]
> 07/24-19:59:51.308749 216.136.173.246:0 -> xxx.xxx.xxx.xxx:0

In case you don't know, snort has a bug (or had - I don't know if it has
been fixed now) that would make those alerts generated by the snort
decoder always have the ports set to 0, since those values weren't yet
assigned at that stage.
See http://marc.theaimsgroup.com/?l=snort-devel&m=105698697005259&w=2

/Andreas
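
One way to triage alerts in light of the reply above, added here as an example and not taken from the post or from Snort: it parses alerts in the layout quoted in the thread and marks decoder alerts whose ports are both 0 as unreliable rather than as evidence of port 0 traffic. The function name, verdict labels and sample alerts are assumptions constructed for illustration.

```python
import re

# Constructed sample in the alert layout quoted in the thread. Addresses are
# documentation ranges; the second and third alerts are invented for contrast.
SAMPLE = """\
[**] (snort_decoder): T/TCP Detected [**]
07/24-19:59:51.308749 192.0.2.10:0 -> 198.51.100.7:0

[**] [1:1000001:1] constructed rule: tcp port 0 [**]
07/24-20:01:02.000001 192.0.2.11:0 -> 198.51.100.7:0

[**] [1:1000002:1] constructed rule: web request [**]
07/24-20:03:15.123456 192.0.2.12:40000 -> 198.51.100.7:80
"""

# Alert header: either the decoder tag or a [gid:sid:rev] rule identifier.
HEADER = re.compile(
    r"^\[\*\*\]\s+(?P<src>\(snort_decoder\):|\[\d+:\d+:\d+\])\s+(?P<msg>.*?)\s+\[\*\*\]$")
# Flow line: timestamp, then src:port -> dst:port (masked addresses also match).
FLOW = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sip>[\w.]+):(?P<sport>\d+)\s+->\s+(?P<dip>[\w.]+):(?P<dport>\d+)$")

def triage(text):
    """Return one dict per alert with a verdict on how far to trust its ports."""
    results, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            pending = header
            continue
        flow = FLOW.match(line)
        if not (flow and pending):
            continue
        from_decoder = pending["src"].startswith("(snort_decoder)")
        ports = (flow["sport"], flow["dport"])
        if from_decoder and ports == ("0", "0"):
            # Decoder alert: ports may simply not have been assigned yet,
            # so confirm against a packet capture before acting on them.
            verdict = "ports-unreliable"
        elif "0" in ports:
            verdict = "port-0-observed"
        else:
            verdict = "ports-ok"
        results.append({"msg": pending["msg"], "src": flow["sip"], "verdict": verdict})
        pending = None
    return results
```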
