Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Do I have a problem?

From: "KEITH KOOYMAN" <pcsolutions101 () hotmail com>
Date: Sun, 25 Aug 2002 15:45:43 -0600
I installed a SNORT box a few weeks ago and now I am getting some strange entries in my logs. The log entry goes like this:
ICMP Nmap2.36BETA or HPING2 Echo [Classification: Attempted Information Leak] [Priority: 3]: {ICMP} ipaddress -> ipaddress
I go to the machines that are the source (first ip) and search the registry for nmap and it is there, on some machines. No one is logged onto most of the machines when the event occurrs (I am certain of this). I have seen this about 5-6 times since Fri night and can't determine if I am being scanned or not.
Does anyone have any ideas? Does nmap leave any traces on a windows box that can be found/removed? 

Any info would be appreciated.

Keith







_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: