On Thu, 24 Jul 2003, Dave Paris wrote: > Our IDS spotted another TCP port 0 packet at 19:59pm UTC today > (Thursday). Headers follow: > > [**] (snort_decoder): T/TCP Detected [**] > 07/24-19:59:51.308749 216.136.173.246:0 -> xxx.xxx.xxx.xxx:0 In case you don't know, snort has a bug (or had - I don't know if it has been fixed now) that would make those alerts generated by the snort decoder to always have the ports set to 0 since those values weren't yet assigned at that stage. See http://marc.theaimsgroup.com/?l=snort-devel&m=105698697005259&w=2 /Andreas --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun Jul 27 2003 - 11:13:18 PDT