Snort mailing list archives

Re: ICMP Ping NMAP troubleshooting


From: "Simon Gray" <simong () desktop-guardian com>
Date: Tue, 20 May 2003 14:52:13 +0100

Are you running any form of server checking software?

Some of those tend to use pings to check if a host is up.

Could you not filter out external -> internal pings via a firewall?

----- Original Message -----
From: "Stephen W. Thomas" <swthomas () techsoft com>
To: <snort-users () lists sourceforge net>
Sent: Tuesday, May 20, 2003 2:08 PM
Subject: [Snort-users] ICMP Ping NMAP troubleshooting


I've just set up a snort & acid setup on our company network. I've noticed
a lot of ICMP Ping NMAP hits coming from our servers and going to our W2K
DNS/Terminal server. I'd like to find out if this is normal or what is
generating the pings but I'm not sure how to track a packet with no payload
back to its source program. Also, if it's normal for my network, then what
do most people recommend?

A. Ignore the thousands of hits it gets
B. Disable that one rule for the one destination.

Any comments would be appreciated.

Thanks,
Steve