Snort mailing list archives
RE: ICMP PING CyberKit 2.2 Windows
From: "Yackley, Matt" <Matt.Yackley () perkinswill com>
Date: Tue, 19 Aug 2003 22:22:33 -0500
Stevo,

The W32.Welchia.Worm (Symantec) is causing these alerts. The worm pings the target machine before sending its RPC DCOM exploit packets; these pings contain the payload that matches the Cyberkit tools ping signature. There isn't much you can do to block these other than blocking ICMP ping requests at your border routers or turning off that rule.

-matt

-----Original Message-----
From: Stevo [mailto:checkpoint () ozbergs com]
Sent: Tue 8/19/2003 7:30 PM
To: snort-users () lists sourceforge net
Cc:
Subject: [Snort-users] ICMP PING CyberKit 2.2 Windows

Guys,

So what's the deal with the 72000 odd ICMP PING CyberKit 2.2 Windows alerts I've got in the past few days?? It's frickin crazy...

I've read the posts on here, but what is actually causing this and is there anything I can do at my perimeter to stop these ICMP messages hitting my network?? It's just annoying and I don't want to remove the rule that picks up on the ICMP PING CyberKit 2.2 Windows!!

Ideas??

Stevo

-------------------------------------------------------
This SF.net email is sponsored by Dice.com. Did you know that Dice has over 25,000 tech jobs available today? From careers in IT to Engineering to Tech Sales, Dice has tech jobs from the best hiring companies. http://www.dice.com/index.epl?rel_code=104
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
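A triage sketch for the alert flood discussed in this message, added here as an example and not code from the thread or from the Snort project: it groups the CyberKit ping alerts by source and separates sources inside the monitored network (candidates for hosts running the worm) from external ones. It assumes Snort's "fast" alert line format; the function name `summarize`, the home network `192.0.2.0/24`, and every sample line (including rule IDs and revisions) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

MSG = "ICMP PING CyberKit 2.2 Windows"  # alert text quoted in the thread

# Constructed sample in Snort "fast" alert format; addresses are documentation ranges.
_TAIL = "[**] [Classification: Misc activity] [Priority: 3] {ICMP}"
_ROWS = [
    (483, MSG, "203.0.113.5", "192.0.2.10"),
    (483, MSG, "203.0.113.5", "192.0.2.11"),
    (483, MSG, "203.0.113.5", "192.0.2.12"),
    (483, MSG, "192.0.2.44", "198.51.100.7"),   # source inside the home network
    (483, MSG, "192.0.2.44", "198.51.100.8"),
    (483, MSG, "198.51.100.20", "192.0.2.10"),
    (469, "ICMP PING NMAP", "203.0.113.9", "192.0.2.10"),  # unrelated alert, ignored
]
SAMPLE_ALERTS = "\n".join(
    f"08/19-19:30:0{i}.000000  [**] [1:{sid}:1] {msg} {_TAIL} {src} -> {dst}"
    for i, (sid, msg, src, dst) in enumerate(_ROWS)
)

# Message between the [**] markers, then "{PROTO} src[:port] -> dst[:port]".
ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:\d+:\d+\] (?P<msg>.+?) \[\*\*\].*?"
    r"\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

def summarize(log_text, home_net="192.0.2.0/24"):
    """Return (internal, external) dicts: {source: (alerts, distinct targets)}."""
    net = ipaddress.ip_network(home_net)
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m and m.group("msg") == MSG:
            seen[m.group("src")].append(m.group("dst"))
    internal, external = {}, {}
    for src, dsts in seen.items():
        bucket = internal if ipaddress.ip_address(src) in net else external
        bucket[src] = (len(dsts), len(set(dsts)))
    return internal, external

if __name__ == "__main__":
    inside, outside = summarize(SAMPLE_ALERTS)
    for label, hosts in (("internal", inside), ("external", outside)):
        for src, (alerts, targets) in sorted(hosts.items(), key=lambda kv: -kv[1][0]):
            print(f"{label:8} {src:15} alerts={alerts} distinct_targets={targets}")
```

Internal sources are the ones to inspect first; external sources are what a border ICMP echo filter, as suggested in the reply, would drop.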