IDS mailing list archives

FW: RE:ICMP Ping Sweep Detection


From: "subsurface" <marklewis () subsurface ndo co uk>
Date: Mon, 20 Oct 2003 20:46:10 +0100

This is the second attempt at sending this one. 

-----Original Message-----
From: subsurface [mailto:marklewis () subsurface ndo co uk] 
Sent: 20 October 2003 20:33
To: 'focus-ids () securityfocus com'
Subject: RE:ICMP Ping Sweep Detection



Try the EagleX IDS build, which is built around the Snort IDS. It is
very nice, and comes with its own installer... it puts all the right bits
in all the right places, including the MySQL database.. I am running this
on my own test rig, with deployed Snort IDSs reporting back to the
master database... Most of the boxes within the rig are 2k, XP, and one
Unix-based system.. all works very nicely...

http://www.engagesecurity.com/products/eaglex/

Subsurface
 
 
It is dangerous to swim with the sharks,
But at least they don't nag.....


-----Original Message-----
From: Morse, Greg [mailto:gmorse () trigeo com] 
Sent: 15 October 2003 15:57
To: David J. Jackson; focus-ids () securityfocus com
Subject: RE: ICMP Ping Sweep Detection

The Contego product by Trigeo will handle this automatically and provide
alerts to your cell phone, pager, etc.

Greg Morse

-----Original Message-----
From: David J. Jackson [mailto:djackson () netdmz com]
Sent: Monday, October 13, 2003 8:51 PM
To: focus-ids () securityfocus com
Subject: ICMP Ping Sweep Detection


We are currently experiencing a daily issue with a worm that is
spreading throughout our network and is running a ping sweep (to, I
assume, look for more victims) and creating a Denial of Service on that
segment.  If I run my sniffer (Ethereal) I can easily detect the packets
that are being sent by filtering ICMP ping packets, and I usually find
the infected computer and take corrective action.
 
Since I'm new to using Snort and IDS products alike, I'm wondering if
there are tools available besides snort that will allow me to detect
these ping sweeps and alert me when they happen so I can find out before
users say they can't connect to anything.
 
I found many references to "scanlogd", but I can't seem to figure out
how to get it up and running.  Also, please don't kill me, but I don't
have a box with any Linux distribution on it right now that I would be
able to use.  I only have Win2k and WinXP computers.  Are there any
Win32 apps like this available?
 
Thanks to all in advance.
 
David Jackson
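The detection David describes doing by hand in Ethereal (filter on ICMP echo requests, spot the one host hitting many addresses) can be automated with a small script over a packet-summary export. The block below is an added example and is not code from any poster in this thread or from Snort, scanlogd, EagleX or Contego; the capture lines it reads are constructed here to imitate a sniffer's one-line-per-packet summary (timestamp, source, destination, protocol, info), and the window and threshold values are assumptions to be tuned for a real segment. It counts distinct destinations per source inside a sliding time window, so a host that pings one gateway repeatedly is not flagged while a host sweeping a subnet is.

```python
"""Flag ICMP ping sweeps in packet-summary lines (added example).

Input format (assumed, constructed to look like a sniffer's summary export):
    <seconds> <src-ip> <dst-ip> <proto> <info...>
A sweep is reported when one source sends echo requests to at least
`threshold` distinct destinations within `window_seconds`.
"""
from collections import defaultdict, deque


def _build_sample_capture():
    """Constructed sample: one host sweeping .1-.25 at 10 ms intervals, plus a
    benign host that pings only its gateway. Not a real capture."""
    lines = []
    for i in range(1, 26):
        lines.append(f"{(i - 1) * 0.01:.3f} 192.168.1.50 192.168.1.{i} "
                     "ICMP Echo (ping) request")
    for i in range(5):
        t = 1.0 + i
        lines.append(f"{t:.3f} 192.168.1.7 192.168.1.1 ICMP Echo (ping) request")
        lines.append(f"{t + 0.002:.3f} 192.168.1.1 192.168.1.7 ICMP Echo (ping) reply")
    lines.append("3.000 192.168.1.7 192.168.1.1 TCP 52011 > 80 [SYN]")
    return lines


SAMPLE_CAPTURE = _build_sample_capture()


def parse_capture(lines):
    """Yield one dict per well-formed summary line; malformed lines are skipped."""
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        info = " ".join(parts[4:])
        yield {
            "ts": ts,
            "src": parts[1],
            "dst": parts[2],
            "proto": parts[3],
            "echo_request": parts[3] == "ICMP" and "Echo (ping) request" in info,
        }


def detect_ping_sweeps(lines, window_seconds=10.0, threshold=20):
    """Return one alert per sweeping source, ordered by first sighting.

    Only echo requests count; replies and other protocols are ignored.
    Each source keeps a deque of (timestamp, destination) limited to the
    window, and the number of *distinct* destinations in that deque is
    compared with the threshold.
    """
    recent = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    alerts = {}                   # src -> alert record, updated as the sweep grows
    for pkt in parse_capture(lines):
        if not pkt["echo_request"]:
            continue
        q = recent[pkt["src"]]
        q.append((pkt["ts"], pkt["dst"]))
        # Assumes timestamps are non-decreasing, as in a capture export.
        while q and pkt["ts"] - q[0][0] > window_seconds:
            q.popleft()
        targets = {dst for _, dst in q}
        if len(targets) >= threshold:
            alert = alerts.setdefault(pkt["src"], {
                "src": pkt["src"],
                "first_seen": q[0][0],
                "last_seen": pkt["ts"],
                "distinct_targets": 0,
            })
            alert["last_seen"] = pkt["ts"]
            alert["distinct_targets"] = max(alert["distinct_targets"], len(targets))
    return sorted(alerts.values(), key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for a in detect_ping_sweeps(SAMPLE_CAPTURE):
        print(f"sweep from {a['src']}: {a['distinct_targets']} hosts "
              f"between t={a['first_seen']:.3f}s and t={a['last_seen']:.3f}s")
```

On a Windows-only network the same logic can be fed from a capture exported as text by Ethereal (or any sniffer) and run under a Windows Python build; hooking the alert list up to e-mail or a pager is then a few lines more. Keep the threshold well above what legitimate monitoring tools on the segment generate, and expect a worm's sweep to cross it within a fraction of a second, as the constructed sample does.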