[unisog] Increase in Snort Truncated TCP Options Entries

Lois Lehman LOIS.LEHMAN at asu.edu
Mon May 3 18:24:24 GMT 2004

Over the past week, we have had an increase of entries like these in our
snort logs:

[**] (snort_decoder): Truncated Tcp Options [**]
05/01-03:03:56.827803 ->
TCP TTL:109 TOS:0x0 ID:58947 IpLen:20 DgmLen:48 DF
******S* Seq: 0x787CFF72  Ack: 0xC267C49C  Win: 0x4000  TcpLen: 28

The source IP on these is from Taiwan, Hong Kong, California this week.
Any idea what this is related to?  In other words, what is being
attempted here?


Lois Lehman
College Network Security Manager
Physical Sciences Computer Support Manager
College of Liberal Arts & Sciences
Arizona State University

More information about the unisog mailing list