Snort mailing list archives
Large ICMP packets in the rule
From: "Edwin Pua" <edwin1118 () hotmail com>
Date: Thu, 14 Feb 2002 10:23:30 +0000
Hi,

Just want to clarify the ICMP packets in this rule. How large are the ICMP packets before Snort alerts? Because I have received 5 to 10 "MISC Large ICMP Packet" in just a few minutes. Am I being flooded or attacked by DOS if it appears?

Thanks for your info.

edwin

alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"MISC Large ICMP Packet"; dsize: >800; reference:arachnids,246; classtype:bad-unknown; sid:499; rev:1;)
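An added example, not part of the original post or of Snort itself: it reads the `dsize` option out of the rule quoted above and applies it to constructed IPv4 ICMP echo packets, showing which payload sizes satisfy `dsize: >800`. It assumes `dsize` is compared against the bytes that follow the 8-byte ICMP echo header; the function names and the documentation-range addresses are hypothetical.

```python
import re
import struct

# Rule text as posted in the message above.
RULE = ('alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"MISC Large ICMP Packet"; '
        'dsize: >800; reference:arachnids,246; classtype:bad-unknown; sid:499; rev:1;)')

# Assumption: echo-style message (type, code, checksum, id, sequence).
ICMP_ECHO_HEADER_LEN = 8

def parse_dsize(rule):
    """Return a predicate for the rule's dsize option (forms handled: N, >N, <N)."""
    m = re.search(r'dsize:\s*([<>]?)\s*(\d+)\s*;', rule)
    if not m:
        raise ValueError("rule has no supported dsize option")
    op, n = m.group(1), int(m.group(2))
    return {'>': lambda d: d > n, '<': lambda d: d < n, '': lambda d: d == n}[op]

def icmp_payload_len(packet):
    """Payload length of an IPv4 ICMP echo packet, taken from the IP header fields."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        raise ValueError("not an IPv4 ICMP packet")
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    total_len, = struct.unpack('!H', packet[2:4])
    if ihl < 20 or total_len < ihl + ICMP_ECHO_HEADER_LEN or total_len > len(packet):
        raise ValueError("truncated or malformed packet")
    return total_len - ihl - ICMP_ECHO_HEADER_LEN

def build_echo(payload_len):
    """Constructed sample: IPv4 header + ICMP echo request (checksums left at zero)."""
    total = 20 + ICMP_ECHO_HEADER_LEN + payload_len
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, total, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    icmp = struct.pack('!BBHHH', 8, 0, 0, 1, 1)   # type 8 = echo request
    return ip + icmp + b'A' * payload_len

def rule_matches(packet, rule=RULE):
    """True when the packet's ICMP payload size satisfies the rule's dsize test."""
    return parse_dsize(rule)(icmp_payload_len(packet))

if __name__ == "__main__":
    for size in (56, 800, 801, 1472):
        print(f"payload {size:>4} bytes -> alert: {rule_matches(build_echo(size))}")
```

The size test alone says nothing about rate, so counting how many matching packets arrive per source over time is a separate check.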