Snort mailing list archives

Re: L3retriever

From: John Sage <jsage () finchhaven com>
Date: Mon, 16 Jul 2001 06:14:38 -0700

Stefano:

Check out:

http://www.whitehats.com/cgi/arachNIDS/Show?_id=ids311&view=event

The database at:

http://www.whitehats.com/ids/

can be very useful in answering questions such as yours...

HTH..

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."


Stefano wrote:

I'm using snort 1.7 to check my network for possible intrusion , and I found
the following trace in the dump  .
As I'm quite a newcomer in snort field  I hope someone could explain me if

it's a potential attack or notTIA


**]  <\Device\Packet_{1F4F587A-BB41-45D3-9F50-7290BD2B8B55}> ICMP Echo
Request L3retriever Ping [**]
07/16-10:44:52.779897 10.1.20.6 -> 10.1.20.8
ICMP TTL:32 TOS:0x0 ID:65325 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:39179  ECHO

Stefano ColomboMCP,MCSE,CCA

CDM Tecnoconsulting SPA

v. M.L.King 38/240132, BolognaItaly

tel      : +39 051 4132611
fax     : +39 051 4132627
WEB : http://www.cdmtc.it

Email: scolombo () cdmtc it

################################
A good traveller has no fixed plans
and is not intent on arriving
                              Lao Tzu
################################




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

L3retriever Stefano (Jul 16)
- Re: L3retriever John Sage (Jul 16)