Snort mailing list archives
RE: Icmp Ping
From: "Jerry Shenk" <jshenk () decommunications com>
Date: Thu, 18 Mar 2004 06:30:00 -0500
That showed up on this list once before
(http://groups.google.com/groups?q=icmp+please+help+matrix+catch+me&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=I5u_a.85213%247O4.1995953%40twister.rdc-kc.rr.com&rnum=1)
and also on the comp.security.misc newsgroup
(http://groups.google.com/groups?q=icmp+please+help+matrix+catch+me&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=aa34f8a6.0307300004.60fadc8d%40posting.google.com&rnum=4).
I didn't remember but Google did ;)

Was that traffic originating from one of your boxes or coming in? I'd give the related box a serious check. First thought was a back door but then the question is, "Why be so obvious?" How long a period of time did this traffic involve? Is it still going on?

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of cc
Sent: Thursday, March 18, 2004 4:38 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Icmp Ping

Hi,

I was looking at ACID's report for the first time this month and noticed the extraordinary amount of ICMP PINGs. I took a look at one, and was surprised to find the following as the payload:

000 : 50 6C 65 61 73 65 20 68 65 6C 70 20 6D 65 2C 20   Please help me,
010 : 6D 61 74 72 69 78 20 63 61 74 63 68 20 6D 65 20   matrix catch me

That can't be a ping. Can someone point out whether or not I fuzzed up my snort configuration?

Thanks.
Edmund
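Added example, not part of the original thread and not Snort's own code: a Python check that validates an ICMP echo request and labels its data field, run here on the payload bytes quoted in the post. The echo header values (id, sequence) are constructed, and the two "default" patterns are assumptions about what the Windows and Linux iputils ping utilities commonly send.

```python
import struct

# Payload bytes from the hex dump quoted in the post above.
PAGE_PAYLOAD = bytes.fromhex(
    "506C656173652068656C70206D652C20"
    "6D6174726978206361746368206D6520"
)
# Assumption: 32-byte default data of the Windows ping utility.
WINDOWS_DEFAULT = b"abcdefghijklmnopqrstuvwabcdefghi"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Constructed sample: ICMP echo request (type 8, code 0), valid checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def classify_echo(icmp: bytes) -> str:
    """Label the data field of an ICMP echo request."""
    if len(icmp) < 8:
        return "truncated"
    if (icmp[0], icmp[1]) != (8, 0):
        return "not-echo-request"
    if inet_checksum(icmp) != 0:  # a valid message sums to zero
        return "bad-checksum"
    payload = icmp[8:]
    if payload == WINDOWS_DEFAULT:
        return "windows-default"
    # Assumption: iputils ping sends an 8- or 16-byte timestamp, then bytes
    # whose value equals their offset in the data field.
    for ts_len in (8, 16):
        tail = payload[ts_len:]
        if tail and all(b == (ts_len + i) & 0xFF for i, b in enumerate(tail)):
            return "iputils-default"
    if payload and all(32 <= b < 127 for b in payload):
        return "custom-ascii: " + payload.decode("ascii")
    return "custom-binary"
```

A result of `custom-ascii` means the packet is a well-formed echo request whose data was chosen by the sender rather than by a stock ping utility, which is the case the reply above suggests checking the related host for.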