[Oisf-users] Lots of "TCP duplicated option" (SID 2200037) since upgrade to 3.1.1

Peter Manev petermanev at gmail.com
Mon Jul 25 22:44:10 UTC 2016


On Mon, Jul 25, 2016 at 7:15 PM, Brian Keefer <chort at effu.se> wrote:
> I’m curious if anyone else has run into this. Previously I was on 3.0 RC (I don’t remember which one exactly). Ever since I upgraded our sensors to 3.1.1-release I’ve been seeing hundreds of thousands of “TCP duplicated option” alerts per day. I’m in the process of pulling out some PCAPs to try to see what exactly is going on. It appears the vast majority are being generated by Ubuntu boxes running Postfix, and CentOS boxes running Nagios.
>

It would be very helpful to share the pcap that can be used to further
analyze that case.

> --
> bk

-- 
Regards,
Peter Manev


