IDS mailing list archives
RE: ICMP Ping Sweep Detection
From: "Morse, Greg" <gmorse () trigeo com>
Date: Wed, 15 Oct 2003 07:57:16 -0700
The Contego product by Trigeo will handle this automatically and provide alerts to your cell phone, pager, etc. Greg Morse -----Original Message----- From: David J. Jackson [mailto:djackson () netdmz com] Sent: Monday, October 13, 2003 8:51 PM To: focus-ids () securityfocus com Subject: ICMP Ping Sweep Detection We are currently experiencing a daily issue with a worm that is spreading throughout our network and is running a ping sweep (to I assume look for more victims) and creating a Denial of Service on that segment. If I run my sniffer (Ethereal) I can easily detect the packets that are being sent by filtering ICMP ping packets, and I usually find the infected computer and take corrective action. Since I'm new to using Snort and IDS products alike, I'm wondering if there are tools available besides snort that will allow me to detect these ping sweeps and alert me when they happen so I can find out before users say they can't connect to anything. I found many references to "scanlogd", but I can't seem to figure out how to get it up and running. Also, please don't kill me, but I don't have a box with any Linux distribution on it right now that I would be able to use. I only have Win2k and WinXP computers. Are there any Win32 apps like this available? Thanks to all in advance. David Jackson
Current thread:
- ICMP Ping Sweep Detection David J. Jackson (Oct 14)
- <Possible follow-ups>
- RE: ICMP Ping Sweep Detection Jerry Heidtke (Oct 15)
- RE: ICMP Ping Sweep Detection Morse, Greg (Oct 15)
- FW: RE:ICMP Ping Sweep Detection subsurface (Oct 20)