[kdepim-users] Snort "TCP session without 3-way handshake" warning

Peter Humphrey peter at prh.myzen.co.uk
Wed Apr 9 10:23:32 BST 2014

Hello list,

I'm running KMail 4.11.5 on a Gentoo amd64 box. One of my accounts is a POP3 
connection to my LAN server. I installed snort on the server yesterday, and 
now I get warnings like this in the snort alert log:

[**] [129:20:1] TCP session without 3-way handshake [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/09-10:13:39.343914 ->
TCP TTL:64 TOS:0x10 ID:37404 IpLen:20 DgmLen:104 DF
***AP*** Seq: 0xF037D897  Ack: 0x8F8FE3C5  Win: 0x152  TcpLen: 32
TCP Options (3) => NOP NOP TS: 249552861 325460764 

The IPs are this box,, and the server,, which is 
running dovecot 2.2.9 to serve POP3 e-mails.

Do I need to set something in KMail, or is this a bug - or is snort being too 
pernickety? I have nearly 5MB of logs from snort already.


KDE PIM users mailing list
Subscription management: https://mail.kde.org/mailman/listinfo/kdepim-users

More information about the kdepim-users mailing list