Snort mailing list archives
Do I have a problem?
From: "KEITH KOOYMAN" <pcsolutions101 () hotmail com>
Date: Sun, 25 Aug 2002 15:45:43 -0600
I installed a SNORT box a few weeks ago and now I am getting some strange entries in my logs. The log entry goes like this:
ICMP Nmap2.36BETA or HPING2 Echo [Classification: Attempted Information Leak] [Priority: 3]: {ICMP} ipaddress -> ipaddress
I go to the machines that are the source (first ip) and search the registry for nmap and it is there, on some machines. No one is logged onto most of the machines when the event occurrs (I am certain of this). I have seen this about 5-6 times since Fri night and can't determine if I am being scanned or not.
Does anyone have any ideas? Does nmap leave any traces on a windows box that can be found/removed?
Any info would be appreciated. Keith _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Do I have a problem? KEITH KOOYMAN (Aug 25)
- Re: Do I have a problem? Wayne T Work (Aug 25)