[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[firestorm053] tcp reassembly question

To: firestorm@xxxxxxxxxxxxxxxx
Subject: [firestorm053] tcp reassembly question
From: rmkml <rmkml@xxxxxxxxxx>
Date: Fri, 20 Jun 2003 12:29:51 +0200
Delivered-to: mailing list firestorm@scaramanga.co.uk
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm
Sender: test@xxxxxxxxxx

Hi,

I receive this event :

Jun 18 15:03:49 xxx 11 firestorm-nids053: 1055941429.164894
alert=tcpstream sig=4.0 priority=5 src=64.94.50.88 dst=217.128.40.92
proto=6 spt=80 dpt=34037 flags=****A*** from=server server=ESTABLISHED
client=ESTABLISHED : Reassembly Error

Download tcpdump file on this link : (3Mo)
http://crusoecids.dyndns.org/cyberguard-firestorm_reassemblyerror.tcpdump.gz

Yes ip 64.94.50.88 is web site Cyberguard.com,
and my ip dynamic

What is Reassembly Error ?
is timeout Error ?
other ?

Thanks for your Answers

Regard.

PS: I use firestorm-nids with syslog patch ...

Follow-Ups:
- Re: [firestorm053] tcp reassembly question
  - From: Gianni Tedesco

Prev by Date: firecat: indexing and concatenation
Next by Date: Re: [firestorm053] tcp reassembly question
Previous by thread: firecat: indexing and concatenation
Next by thread: Re: [firestorm053] tcp reassembly question
Index(es):
- Date
- Thread