IDS mailing list archives

RE: ICMP Ping Sweep Detection


From: "Morse, Greg" <gmorse () trigeo com>
Date: Wed, 15 Oct 2003 07:57:16 -0700

The Contego product by Trigeo will handle this automatically and provide
alerts to your cell phone, pager, etc.

Greg Morse

-----Original Message-----
From: David J. Jackson [mailto:djackson () netdmz com]
Sent: Monday, October 13, 2003 8:51 PM
To: focus-ids () securityfocus com
Subject: ICMP Ping Sweep Detection


We are currently experiencing a daily issue with a worm that is spreading
throughout our network and is running a ping sweep (to, I assume, look for more
victims) and creating a Denial of Service on that segment.  If I run my
sniffer (Ethereal) I can easily detect the packets that are being sent by
filtering ICMP ping packets, and I usually find the infected computer and
take corrective action.
 
Since I'm new to using Snort and IDS products alike, I'm wondering if there
are tools available besides snort that will allow me to detect these ping
sweeps and alert me when they happen so I can find out before users say they
can't connect to anything.
 
I found many references to "scanlogd", but I can't seem to figure out how to
get it up and running.  Also, please don't kill me, but I don't have a box
with any Linux distribution on it right now that I would be able to use.  I
only have Win2k and WinXP computers.  Are there any Win32 apps like this
available?
 
Thanks to all in advance.
 
David Jackson
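
Added example, not part of this thread and not code from either poster, Trigeo or Snort: the kind of detection logic the question asks for, written in Python over constructed packet records (timestamp, source, destination, ICMP type) of the sort a sniffer filter on ICMP would yield. It flags a source that sends echo requests to more distinct destinations than a threshold inside a sliding time window, ignores echo replies, and alerts once per source. The sample data, thresholds and host addresses are all assumptions made up for the demonstration.

```python
"""Ping-sweep detector over a simple ICMP packet log (added example)."""
from collections import defaultdict, deque

# Detection knobs (assumed values, tune to the segment being watched):
SWEEP_THRESHOLD = 20   # distinct destinations from one source ...
WINDOW_SECONDS = 10.0  # ... within this many seconds triggers an alert

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def build_sample_packets():
    """Constructed sample traffic, not a real capture.

    Records are (timestamp_seconds, src_ip, dst_ip, icmp_type).
    - 10.0.1.25 sweeps 10.0.1.1 .. 10.0.1.40, one echo request every 0.1 s.
    - 10.0.1.7 pings a single gateway repeatedly (benign, one destination).
    - 10.0.1.9 is a monitor pinging five hosts once per second (below threshold).
    - Replies from the pinged hosts are included and must be ignored.
    """
    packets = []
    for i in range(40):
        packets.append((i * 0.1, "10.0.1.25", f"10.0.1.{i + 1}", ICMP_ECHO_REQUEST))
        packets.append((i * 0.1 + 0.01, f"10.0.1.{i + 1}", "10.0.1.25", ICMP_ECHO_REPLY))
    for i in range(30):
        packets.append((0.5 + i, "10.0.1.7", "10.0.1.1", ICMP_ECHO_REQUEST))
        packets.append((0.51 + i, "10.0.1.1", "10.0.1.7", ICMP_ECHO_REPLY))
    for i in range(5):
        packets.append((100.0 + i, "10.0.1.9", f"10.0.1.{50 + i}", ICMP_ECHO_REQUEST))
    return packets


SAMPLE_PACKETS = build_sample_packets()


def detect_ping_sweeps(packets, threshold=SWEEP_THRESHOLD, window=WINDOW_SECONDS):
    """Return alerts as (src_ip, window_start_ts, distinct_targets).

    Only echo requests count; a destination seen twice in the window counts once;
    each source raises at most one alert so a long sweep does not flood the pager.
    """
    recent = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, icmp_type in sorted(packets):
        if icmp_type != ICMP_ECHO_REQUEST:
            continue                                   # replies are not probes
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:             # expire old entries
            q.popleft()
        targets = {d for _, d in q}
        if len(targets) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, q[0][0], len(targets)))
    return alerts


if __name__ == "__main__":
    for src, start, n in detect_ping_sweeps(SAMPLE_PACKETS):
        print(f"ALERT: {src} sent echo requests to {n} hosts starting at t={start:.1f}s")
```

Feeding real data into `detect_ping_sweeps` only requires producing the same four-field records from whatever capture tool is in use; the sliding window is what keeps a slow monitoring host or a user pinging one gateway from being mistaken for the worm's burst across a whole segment.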
