Snort mailing list archives
Re: Heavy ICMP Traffic
From: Nicholas Bachmann <nbachmann () mail davison k12 mi us>
Date: Mon, 04 Nov 2002 16:09:20 -0500
Brian M. Diehl wrote:

> I have snort on a newly installed rh7.3 box, it's been running for this weekend and I found some really interesting things in the alert log. I haven't been able to find info in the archives. They are sadly 2 win2k boxes running, and I'm seeing this between the two of them.
>
> [**] ICMP L3retriever Ping [**]
> 11/02-01:17:16.078236 xxx.xxx.217.53 -> 192.168.2.4
> ICMP TTL:28 TOS:0x0 ID:4402 IpLen:20 DgmLen:60
> Type:8 Code:0 ID:512 Seq:9278 ECHO
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> The .53 is an external address for one of my boxes, and obviously the 2.4 address is NAT'd for a box with no external addy and is a win2k PDC. I have a roughly 20 meg log file for this particular incident. Does anyone know what this is? Is this "normal" windows crap? The odd thing is I'm not seeing a reply from 2.4 to .53....

Yep, standard Windows stuff. I get this all the time, Windows 2k servers and DCs. Look at http://www.whitehats.com/info/IDS311.

--
Regards,
Nick

Nicholas Bachmann, SSCP
Tech Department
Davison Community Schools
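Added example, not part of the original thread: one way to triage a large alert file like the 20 MB one described above is to collapse entries in the quoted alert format into per-flow counts. The sample log is constructed; 192.0.2.53 stands in for the masked external address, and the "ICMP Echo Reply" entry is included only to show a second group.

```python
import re

# Constructed sample in the alert format quoted in the post (addresses are placeholders).
SAMPLE = """\
[**] ICMP L3retriever Ping [**]
11/02-01:17:16.078236 192.0.2.53 -> 192.168.2.4
ICMP TTL:28 TOS:0x0 ID:4402 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:9278  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] ICMP L3retriever Ping [**]
11/02-01:17:17.080112 192.0.2.53 -> 192.168.2.4
ICMP TTL:28 TOS:0x0 ID:4403 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:9534  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] ICMP Echo Reply [**]
11/02-01:17:17.080950 192.168.2.4 -> 192.0.2.53
ICMP TTL:128 TOS:0x0 ID:901 IpLen:20 DgmLen:60
Type:0  Code:0  ID:512   Seq:9534  ECHO REPLY
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""

# Header may carry an optional [gid:sid:rev] tag before the message.
HEADER = re.compile(r"^\[\*\*\]\s*(?:\[\d+:\d+:\d+\]\s*)?(?P<msg>.+?)\s*\[\*\*\]$")
FLOW = re.compile(r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$")
ICMP = re.compile(r"^Type:(?P<type>\d+)\s+Code:(?P<code>\d+)")

def summarize(text):
    """Group ICMP alerts by (message, src, dst, ICMP type) with count and first/last seen."""
    groups = {}
    msg = flow = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            msg, flow = m["msg"], None          # start of a new alert entry
        elif msg and (m := FLOW.match(line)):
            flow = m                            # timestamp and src -> dst line
        elif msg and flow and (m := ICMP.match(line)):
            key = (msg, flow["src"], flow["dst"], int(m["type"]))
            g = groups.setdefault(key, {"count": 0, "first": flow["ts"], "last": flow["ts"]})
            g["count"] += 1
            g["last"] = flow["ts"]              # file order, not sorted by time
            msg = flow = None                   # entry complete; non-ICMP entries are skipped
    return groups

if __name__ == "__main__":
    for key, g in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(g["count"], *key, g["first"], g["last"])
```

The alert file only records packets that matched a rule, so a missing reply group here means no rule fired on the reply, not that no reply was sent.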
Current thread:
- Heavy ICMP Traffic Brian M. Diehl (Nov 04)
- Re: Heavy ICMP Traffic Nicholas Bachmann (Nov 04)
- <Possible follow-ups>
- RE: Heavy ICMP Traffic Hicks, John (Nov 04)
- RE: Heavy ICMP Traffic Brian M. Diehl (Nov 04)
- RE: Heavy ICMP Traffic Brian M. Diehl (Nov 04)