Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts..

From: Jeff Kell <jeff-kell () utc edu>
Date: Wed, 31 Dec 2003 09:40:01 -0500
Chris N wrote:


Fellowship of the Snort,

I guess I should have clarified that all the "CyberKit 2.2 Ping" alerts were
ingress only.

Some of you guys suggested just removing the alert. Yes that would stop the
chaos, but I didn't want to blind myself. Although, I do have to admit I was
leaning this way.
Is there a way to distinguish CyberKit 2.2 from Nachi? Nachi is always 64 bytes of 0xaa, is CyberKit's the same length? 

Jeff



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: