I'm running Snort 8 and have been seeing ALOT of this type of attack
aignatures. It looks like a false positive, but I'm not sure.
[**] [1:526:3] BAD TRAFFIC data in TCP SYN packet [**]
[Classification: Misc activity] [Priority: 3]
11/28-08:02:09.593643 216.25.228.229:2200-> 208.160.110.28:53
TCP TTL:240 TOS:0x0 ID:35423 IpLen:20 DgmLen:64
******S* Seq: 0x1E000853 Ack: 0x0 Win: 0x800 TcpLen: 20
Thanks for your help,
Marty
P.S What are ipchains????
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
