IDS mailing list archives
FW: RE:ICMP Ping Sweep Detection
From: "subsurface" <marklewis () subsurface ndo co uk>
Date: Mon, 20 Oct 2003 20:46:10 +0100
This is the second attempt at sending this one. -----Original Message----- From: subsurface [mailto:marklewis () subsurface ndo co uk] Sent: 20 October 2003 20:33 To: 'focus-ids () securityfocus com' Subject: RE:ICMP Ping Sweep Detection Try the EagleX IDS build, which is built around the Snort IDS, It is very nice, and comes with its own installer... put all the right bits in all the right places, including the MySQL database.. I am running this on my own test rig, with deployed Snort IDS's reporting back to the master database... Most of the boxes within the rig are 2k, XP, and one Unix based system.. all works very nicely... http://www.engagesecurity.com/products/eaglex/ Subsurface It is dangerous to swim with the sharks, But at least they don't nag..... -----Original Message----- From: Morse, Greg [mailto:gmorse () trigeo com] Sent: 15 October 2003 15:57 To: David J. Jackson; focus-ids () securityfocus com Subject: RE: ICMP Ping Sweep Detection The Contego product by Trigeo will handle this automatically and provide alerts to your cell phone, pager, etc. Greg Morse -----Original Message----- From: David J. Jackson [mailto:djackson () netdmz com] Sent: Monday, October 13, 2003 8:51 PM To: focus-ids () securityfocus com Subject: ICMP Ping Sweep Detection We are currently experiencing a daily issue with a worm that is spreading throughout our network and is running a ping sweep (to I assume look for more victims) and creating a Denial of Service on that segment. If I run my sniffer (Ethereal) I can easily detect the packets that are being sent by filtering ICMP ping packets, and I usually find the infected computer and take corrective action. Since I'm new to using Snort and IDS products alike, I'm wondering if there are tools available besides snort that will allow me to detect these ping sweeps and alert me when they happen so I can find out before users say they can't connect to anything. I found many references to "scanlogd", but I can't seem to figure out how to get it up and running. Also, please don't kill me, but I don't have a box with any Linux distribution on it right now that I would be able to use. I only have Win2k and WinXP computers. Are there any Win32 apps like this available? Thanks to all in advance. David Jackson --------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_focus-ids_031015 ---------------------------------------------------------------------------
Current thread:
- ICMP Ping Sweep Detection David J. Jackson (Oct 14)
- <Possible follow-ups>
- RE: ICMP Ping Sweep Detection Jerry Heidtke (Oct 15)
- RE: ICMP Ping Sweep Detection Morse, Greg (Oct 15)
- FW: RE:ICMP Ping Sweep Detection subsurface (Oct 20)