This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

(spp_stream4) STEALTH ACTIVITY ?

Hi,

My internal Snort sensor (not Astaro) sees last time the following:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
08/29-20:30:40.931738 84.157.126.13:3823 -> 192.168.100.25:80
TCP TTL:250 TOS:0x0 ID:56318 IpLen:20 DgmLen:40
*2***R** Seq: 0x196F5F73 Ack: 0x0 Win: 0x1BC6 TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Why doesn't the IPS system (Inline Snort, Anomaly) notice anything of it?

Stefan

This thread was automatically locked due to age.

Parents

0 NimmdirKeks over 20 years ago

Hi,

can have multiple reasons, mybe a false positiv of you internal scanner, or the net is in the IPS ignor list of the Astaro

Chris
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 NimmdirKeks over 20 years ago

Hi,

can have multiple reasons, mybe a false positiv of you internal scanner, or the net is in the IPS ignor list of the Astaro

Chris
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data