Snort mailing list archives
RE: Strange ICMP
From: "Baxter, Anthony (ABAXTER)" <ABAXTER () arinc com>
Date: Tue, 18 May 2004 14:07:49 -0400
To All, Does anyone know how I could send the Fourlog files that snort is generating for me over to log analyzer via syslog, or will I have to set up a cron job? -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ron Shuck Sent: Tuesday, May 18, 2004 10:49 AM To: snort-users () lists sourceforge net; intrusions () lists sans org Subject: [Snort-users] Strange ICMP Hi, I am detecting an increased amount of ICMP Ping traffic. The strange thing is that there are several sources that are hitting us about 1000 times a week. All of these sources have a last octet of some form of 36 and 37. 63.163.102.36 & 37 216.34.77.36 & 37 64.209.232.36 & 37 61.213.167.236 & 237 193.95.144.136 & 137 These are from different ISPs and in a couple countries. The destination is on a Cable Modem that has no inbound access. It's not causing an issue, it's just anomalous. Anyone else seeing this kind of traffic, or have any ideas on the origin? Ron Shuck, CISSP, GCIA, CCSE - Managing Consultant Buchanan Associates - A Technology Company in the People Business ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id%62&alloc_ida84&op=ick _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Strange ICMP Ron Shuck (May 18)
- <Possible follow-ups>
- RE: Strange ICMP Baxter, Anthony (ABAXTER) (May 18)