Im wondering if anyone else running Snort has ever gotten funky T/TCP decoding alarms? If so, have you figured out why they trip ?... I've googled the piss out of T/TCP and most folks seem to think its a false positive... I find that looking at every alarm like its the end of the world makes that day go by faster.
I found a few RFC's and I am pretty interested in this TAO thingy, and bypassing the 3 way handshake...but the rabbit hole runs too deep tonight...if anyone else is interested check out the following:
http://www.faqs.org/rfcs/rfc1379.html
I found a few RFC's and I am pretty interested in this TAO thingy, and bypassing the 3 way handshake...but the rabbit hole runs too deep tonight...if anyone else is interested check out the following:
http://www.faqs.org/rfcs/rfc1379.html