Snort mailing list archives
RE: Sid 466
From: "Semerjian, Ohanes" <ohanes.semerjian () au mci com>
Date: Thu, 1 May 2003 14:41:51 +0800
Capture the traffic from and to that PC and check the type of the ICMP packet (as there are different types of ICMP); that should help you know what is actually going on.

Best Regards
Ohanes Semerjian

-----Original Message-----
From: David Powell [mailto:dpowell () herbalife com]
Sent: Thursday, 1 May 2003 3:22 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Sid 466
Importance: High

OK, we're fine-tuning Snort here. I'm looking at my top 5 alerts in Acid Console. Second on my list is sid 466. I investigated one of the PCs that is being reported as generating this alert. I found nothing, and the user says he's not doing any ICMP to any devices. Plus if I do a ping it doesn't generate this sid 466. I'm pretty sure this is a false positive. Looking for suggestions as to whether I should go ahead and turn off the rule or leave it in?

Dave Powell - Network Analyst
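The check suggested in the reply above (capture the PC's traffic and look at the ICMP type), as an added example that is not part of the original thread: it tallies ICMP type and code per source and destination for one host from a classic pcap file. The function names, the 192.0.2.x and 198.51.100.x addresses and the in-memory sample capture are constructed for illustration; untagged Ethernet/IPv4 is assumed.

```python
import socket
import struct
from collections import Counter

def icmp_summary(pcap_bytes, host):
    """Count (src, dst, icmp_type, icmp_code) for ICMP packets to or from host."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(end + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not untagged IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 1 or ihl < 20 or len(ip) < ihl + 2:
            continue  # not ICMP, bad header length, or truncated before type/code
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue  # later fragment: carries no ICMP header
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        if host in (src, dst):
            counts[(src, dst, ip[ihl], ip[ihl + 1])] += 1
    return counts

def _frame(src, dst, itype, icode):
    """Constructed Ethernet/IPv4/ICMP frame; checksums are zero and not checked."""
    icmp = struct.pack("!BBHI", itype, icode, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + icmp

def sample_pcap():
    """Constructed capture: 192.0.2.10 stands in for the PC named in the alert."""
    pc, gw = "192.0.2.10", "192.0.2.1"
    frames = [_frame(pc, gw, 8, 0), _frame(gw, pc, 0, 0), _frame(pc, gw, 8, 0),
              _frame(gw, pc, 3, 3), _frame("198.51.100.5", "198.51.100.6", 8, 0)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (src, dst, t, c), n in sorted(icmp_summary(sample_pcap(), "192.0.2.10").items()):
        print(f"{src} -> {dst}  type={t} code={c}  x{n}")
```

In the tally, type 8 is echo request, type 0 is echo reply and type 3 is destination unreachable.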
Current thread:
- Sid 466 David Powell (Apr 30)
- Re: Sid 466 Matt Kettler (Apr 30)
- Re: Sid 466 Erick Mechler (Apr 30)
- <Possible follow-ups>
- RE: Sid 466 Semerjian, Ohanes (May 01)