Snort mailing list archives
Re: NMAP alerts
From: Maarten Van Horenbeeck <maarten () daemon be>
Date: Sat, 20 Dec 2003 19:32:00 +0000 (GMT)
Hi Bob,
> I've been noticing a few PCs on our network generating large numbers of NMAP alerts (icmp ping nmap). It seems to be caused by "CNet Download Manager". I found this app loaded on two PCs generating the alert and, after removing it, the alerts appear to have disappeared. Has anyone else encountered a similar problem?
This is perfectly normal. The Kontiki download manager (which is used by CNET as well) sends an ICMP echo request with 0 bytes of data to the default gateway every two seconds. It most likely does this to assess how good your local connection is, as part of a metric for its "secure delivery network". However, if you disable use of the SDN, the ICMP packets will still continue to be transmitted.

There is a small description in the signature documentation itself:
http://www.snort.org/snort-db/sid.html?sid=469

Best regards,
Maarten

--
Maarten Van Horenbeeck
maarten () daemon be
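
Added example, not part of the original message or of Snort: a triage script that separates the benign pattern described in the reply (one host sending an echo request to its default gateway every two seconds) from SID 469 alerts that deserve a closer look. The alert lines are constructed in Snort's "fast" alert layout; the addresses, rule revision, year and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Snort "fast" alert line for SID 469; only the fields used below are captured.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[1:469:\d+\].*"
    r"\{ICMP\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def classify_sid469(lines, gateway, year=2003, period=2.0, tolerance=0.5, min_alerts=5):
    """Map each alerting source to 'periodic-gateway-ping' or 'review'."""
    seen = defaultdict(list)  # src -> [(timestamp, dst), ...]
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue
        # Fast alerts carry no year; the caller supplies one (assumption).
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        seen[m["src"]].append((ts, m["dst"]))
    verdicts = {}
    for src, events in seen.items():
        events.sort()
        dsts = {dst for _, dst in events}
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        # Benign pattern from the reply: gateway only, steady ~2 s cadence.
        steady = (len(events) >= min_alerts and bool(gaps)
                  and abs(median(gaps) - period) <= tolerance)
        benign = dsts == {gateway} and steady
        verdicts[src] = "periodic-gateway-ping" if benign else "review"
    return verdicts

TAIL = "[Classification: Attempted Information Leak] [Priority: 2] {ICMP}"
SAMPLE = [  # constructed: one host pinging the gateway every 2 s
    f"12/20-19:32:{s:02d}.104233  [**] [1:469:1] ICMP PING NMAP [**] {TAIL} "
    "192.168.1.10 -> 192.168.1.1"
    for s in range(0, 12, 2)
] + [       # constructed: one host touching several destinations in a burst
    f"12/20-19:33:00.{i:06d}  [**] [1:469:1] ICMP PING NMAP [**] {TAIL} "
    f"192.168.1.77 -> 192.168.1.{i}"
    for i in range(20, 26)
]

if __name__ == "__main__":
    for src, verdict in classify_sid469(SAMPLE, gateway="192.168.1.1").items():
        print(src, verdict)
```

Hosts marked `periodic-gateway-ping` are candidates for a narrowly scoped suppression (by source and destination) rather than disabling the signature outright.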