Snort mailing list archives
Alerts of the ICMP relationship with smtp connection?
From: Paulo <listassec () yahoo com>
Date: Tue, 24 May 2005 11:27:40 -0700 (PDT)
Hi, I am using Snort version Version 2.3.2 (Build 12). I have in my snort logs the alerts: 366 - ICMP Ping *nix 384 - ICMP Ping 368 - Ping BSDtype I investigated my others systems logs and in the time that this alert is recorded is the same that registered smtp connection in the maillog arquive from my postfix server. The source IP address in snort's log is equal the destination IP address in the maillog to smtp connection. This alerts can to be generated by my mail server when it sends mails? This alerts is a false positive? Thanks by help __________________________________ Discover Yahoo! Have fun online with music videos, cool games, IM and more. Check it out! http://discover.yahoo.com/online.html ------------------------------------------------------- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alerts of the ICMP relationship with smtp connection? Paulo (May 24)
- Re: Alerts of the ICMP relationship with smtp connection? Matt Jonkman (May 24)
- <Possible follow-ups>
- Re: Alerts of the ICMP relationship with smtp connection? Paulo (May 24)
- Re: Alerts of the ICMP relationship with smtp connection? Paulo (May 30)
- Re: Alerts of the ICMP relationship with smtp connection? Frank Knobbe (May 31)
- Re: Alerts of the ICMP relationship with smtp connection? Paulo (Jun 06)
- Re: Alerts of the ICMP relationship with smtp connection? Frank Knobbe (May 31)
- RE: Alerts of the ICMP relationship with smtp connection? Paulo (Jun 07)
- RE: Alerts of the ICMP relationship with smtp connection? Briggs, Bruce (Jun 07)
- RE: Alerts of the ICMP relationship with smtp connection? Paulo (Jun 07)
- RE: Alerts of the ICMP relationship with smtp connection? Briggs, Bruce (Jun 07)
- Snort Inline again.... Xavier Cabrera (Jun 07)
(Thread continues...)