Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-users] frag3 alerts

from [Drew Burchett] Network Security [Permanent Link]
Subject: [Snort-users] frag3 alerts
Date: Mon, 22 May 2006 11:18:10 -0500 
I am seeing a lot of frag3 Fragmentation overlap alerts with my DNS
server as the destination and a source address that reverses to a root
server.  When examining the packets, the traffic seems to be valid DNS
traffic, although it has nothing to do with any domains that I host.  Is
this some sort of attack, or is it valid traffic that is throwing false
positives?  If it is a false positive, is there any way I can fine-tune
the frag3 preprocessor to avoid these?

 

Drew Burchett

United Systems & Software

http://www.united-systems.com

Phone:  (270)527-3293

Fax:     (270)527-3132

 


--
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for 
the sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

-- 
This message has been scanned for viruses and dangerous content by MailScanner 
and is believed to be clean.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Snort-users] syslog output, Drew Burchett
Next by Date:  RE: [Snort-users] frag3 alerts, Drew Burchett
Previous by Thread:  [Snort-users] syslog output, hchlai
Next by Thread:  RE: [Snort-users] frag3 alerts, Drew Burchett
Indexes:  [Date] [Thread] [Top] [All Lists]