Re: Vger triggering alerts

Tim Walberg (twalberg@mindspring.com)
Tue, 28 Aug 2001 20:59:29 -0500



I've seen similar from a number of sites. You might want
to run the packets through ethereal or tcpdump or similar
to verify it, but the ones I've investigated have ended up
being ECN packets - seems snort isn't yet smart enough to
understand the ECN extensions to TCP...

tw

On 08/29/2001 01:50 +0100, Dale Amon wrote:
>> Any one have an idea why I'd be getting these snort alerts
>> from vger mail transactions?
>>
>> [**] [111:4:1] spp_stream4: WINDOW VIOLATION detection [**]
>> 08/27-01:01:27.806453 199.183.24.194:45473 -> 194.46.0.61:25
>> TCP TTL:49 TOS:0x0 ID:25963 IpLen:20 DgmLen:74 DF
>> ***AP*** Seq: 0x3DFC914F Ack: 0xC8CF2D66 Win: 0x16D0 TcpLen: 32
>> TCP Options (3) => NOP NOP TS: 137819194 96190743
>>
>> --
>> ------------------------------------------------------
>> Use Linux: A computer Dale Amon, CEO/MD
>> is a terrible thing Village Networking Ltd
>> to waste. Belfast, Northern Ireland
>> ------------------------------------------------------
>> -
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at http://www.tux.org/lkml/
End of included message

--
twalberg@mindspring.com
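
One way to run the check suggested above, as an added example that is not part of the original message: the Python below decodes the TCP flag byte from a Snort alert or from raw header bytes and reports whether the ECN bits (CWR/ECE in the TCP header, the low two bits of the IP TOS byte) are set. The function names are hypothetical, Snort's flag-field order `12UAPRSF` is an assumption, and the SYN header is constructed sample data.

```python
import re
import struct

# TCP flag byte (offset 13 of the TCP header), most significant bit first.
# RFC 3168 assigns the two formerly reserved bits to ECN: 0x80 CWR, 0x40 ECE.
FLAG_BITS = [(0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
             (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]
ECN_TCP = 0xC0   # CWR | ECE
ECN_IP = 0x03    # ECN field: low two bits of the IP TOS byte

def flags_from_snort(flag_str):
    """Convert Snort's 8-character flag field (assumed order 12UAPRSF) to a byte."""
    if len(flag_str) != 8:
        raise ValueError("expected 8 flag characters")
    return sum(bit for (bit, _), ch in zip(FLAG_BITS, flag_str) if ch != "*")

def flags_from_header(tcp_header):
    """Read the flag byte from raw TCP header bytes, e.g. from a tcpdump capture."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13]

def describe(flag_byte, tos=0):
    """Name the set flags and say whether any ECN bit is present."""
    return {"flags": [name for bit, name in FLAG_BITS if flag_byte & bit],
            "tcp_ecn": bool(flag_byte & ECN_TCP),
            "ip_ecn": bool(tos & ECN_IP)}

def parse_alert(text):
    """Pull the TOS value and flag field out of a Snort full-format alert."""
    tos = int(re.search(r"TOS:0x([0-9A-Fa-f]+)", text).group(1), 16)
    flag_str = re.search(r"^([*\w]{8}) Seq:", text, re.M).group(1)
    return describe(flags_from_snort(flag_str), tos)

# Packet lines copied from the alert quoted in this thread.
PAGE_ALERT = """\
08/27-01:01:27.806453 199.183.24.194:45473 -> 194.46.0.61:25
TCP TTL:49 TOS:0x0 ID:25963 IpLen:20 DgmLen:74 DF
***AP*** Seq: 0x3DFC914F Ack: 0xC8CF2D66 Win: 0x16D0 TcpLen: 32
"""
# Constructed sample: a 20-byte TCP header for an ECN-setup SYN (SYN+ECE+CWR).
ECN_SYN = struct.pack("!HHIIBBHHH", 45473, 25, 1, 0, 0x50, 0xC2, 5840, 0, 0)

if __name__ == "__main__":
    print(parse_alert(PAGE_ALERT))
    print(describe(flags_from_header(ECN_SYN)))
```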
