Snort mailing list archives
Speedera Alerts
From: Kevin L Pawloski <kpawloski () juno com>
Date: Mon, 25 Mar 2002 10:17:08 -0800
My Snort logs are being flooded with Speedera Alerts. This is to be expected since they are pinging one of my DNS servers =) Except for some reason the rule I am using is not filtering out any of their packets. Here is what I have in my icmp rules and a sample packet.

alert ICMP any any -> any any (msg:"PING Speedera"; content: "|3839 3A3B 3C3D 3E3F|"; itype: 8; )

08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ...............
18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
38 39 3A 3B 3C 3D 3E 3F 89:;<=>?

Any ideas? Thanks!

Kevin
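An added example, not part of the original post: a Python check that decodes the rule's content option (hex bytes between `|` characters, literal text elsewhere) and searches the posted sample payload for it. The function names are hypothetical, and backslash escapes in content strings are not handled.

```python
import re

# Rule content option and packet dump, copied from the post above.
RULE_CONTENT = "|3839 3A3B 3C3D 3E3F|"
PACKET_DUMP = """\
08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 ...............
18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 ........ !"#$%&'
28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 ()*+,-./01234567
38 39 3A 3B 3C 3D 3E 3F 89:;<=>?
"""

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")


def parse_content(spec):
    """Decode a content string: |..| spans are hex bytes, the rest is literal text."""
    parts = spec.split("|")
    if len(parts) % 2 == 0:  # balanced pipes always give an odd number of parts
        raise ValueError("unbalanced '|' in content string")
    out = bytearray()
    for i, part in enumerate(parts):
        # Odd-indexed parts sit between pipes; fromhex() skips the spaces.
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def parse_hexdump(dump, width=16):
    """Rebuild payload bytes from dump lines, ignoring the trailing ASCII column."""
    payload = bytearray()
    for line in dump.splitlines():
        taken = 0
        for token in line.split():
            # Stop at the ASCII column or once a full row of bytes was read.
            if taken == width or not HEX_BYTE.fullmatch(token):
                break
            payload.append(int(token, 16))
            taken += 1
    return bytes(payload)


def match_offset(content_spec, dump):
    """Return the payload offset where the content bytes first occur, or -1."""
    return parse_hexdump(dump).find(parse_content(content_spec))


if __name__ == "__main__":
    payload = parse_hexdump(PACKET_DUMP)
    print(len(payload), "payload bytes; content found at offset",
          match_offset(RULE_CONTENT, PACKET_DUMP))
```

On the posted data the pattern is found at offset 48 of the 56-byte payload, so the content option does match this sample packet.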
Current thread:
- Speedera Alerts Kevin L Pawloski (Mar 25)
- Re: Speedera Alerts Erek Adams (Mar 25)
- Re: Speedera Alerts james (Mar 25)
- <Possible follow-ups>
- RE: Speedera Alerts Luo, Feng (Exchange) (Mar 26)
- RE: Speedera Alerts Erek Adams (Mar 26)