Snort mailing list archives
Re: Icmp Ping
From: cc <cc () belfordhk com>
Date: Fri, 19 Mar 2004 11:08:17 +0800
Jerry Shenk sighed and wrote:
> Was that traffic originating from one of your boxes or coming in? I'd

The traffic is coming into the box and not out. But reading the links above, if the traffic is coming into the box and the traffic is actually a PONG (and not a PING), then does that mean it's actually responding to a Ping originating from within the network? Or did I misunderstand the last link? I had trouble understanding it and only kinda guessed the meaning.

> give the related box a serious check. First thought was a back door but then the question is, "Why be so obvious?" How long a period of time did this traffic involve? Is it still going on?

It's still going on. And now, I've got another different Icmp response with a payload of :-

000 : 37 FF 01 00 00 00 0B B8 00 03 D5 EB 4E EA B8 2D   7...........N..-
010 : 0E 74 6F 70 2D 36 30 30 31 2D 34 32 30 30 30 00   .top-6001-42000.
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00                                             ..

Does anyone recognize this kind of command?

Thanks

Edmund
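
One way to check the question raised in the message, whether incoming echo replies answer echo requests that left the network, is to pair each reply with an earlier request. This is an added example, not code from the thread or from Snort; the record layout, the addresses, the 5-second window and a sensor that sees both directions are assumptions.

```python
from collections import namedtuple

# One observed ICMP packet (hypothetical record layout, e.g. parsed from sensor logs).
Icmp = namedtuple("Icmp", "ts src dst icmp_type ident seq")

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type values for "pong" and "ping"

def unsolicited_replies(records, window=5.0):
    """Return echo replies that do not answer a request seen in the last `window` seconds."""
    pending = {}   # (requester, target, ident, seq) -> time the request was seen
    flagged = []
    for r in sorted(records, key=lambda rec: rec.ts):
        if r.icmp_type == ECHO_REQUEST:
            pending[(r.src, r.dst, r.ident, r.seq)] = r.ts
        elif r.icmp_type == ECHO_REPLY:
            # A genuine reply swaps src/dst and echoes the request's id and sequence.
            sent = pending.pop((r.dst, r.src, r.ident, r.seq), None)
            if sent is None or r.ts - sent > window:
                flagged.append(r)
    return flagged

# Constructed sample traffic (documentation addresses, not data from the thread).
SAMPLE = [
    Icmp(0.00, "10.0.0.5", "192.0.2.10", ECHO_REQUEST, 1, 1),
    Icmp(0.02, "192.0.2.10", "10.0.0.5", ECHO_REPLY, 1, 1),    # answers the request above
    Icmp(3.00, "198.51.100.7", "10.0.0.5", ECHO_REPLY, 0, 0),  # no request ever sent
    Icmp(4.00, "10.0.0.5", "192.0.2.10", ECHO_REQUEST, 1, 2),
    Icmp(20.0, "192.0.2.10", "10.0.0.5", ECHO_REPLY, 1, 2),    # arrives far too late
]

if __name__ == "__main__":
    for r in unsolicited_replies(SAMPLE):
        print(f"{r.ts:6.2f}s unsolicited echo reply {r.src} -> {r.dst} id={r.ident} seq={r.seq}")
```

Replies flagged here arrived without a matching outbound ping, which is the case that warrants a closer look at the receiving host and at the reply payload.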