Snort mailing list archives

Strange Traffic Flow


From: Theodore Stout <theodorestout () yahoo com>
Date: Fri, 14 Oct 2005 07:02:19 -0700 (PDT)

All,

I got this strange message with Snort.

It's claiming that one host is sending large ICMP
packets to my DC, and the DC answers back with the
same large ICMP packet. 
Why would that be?
 
Another thing I keep getting between a host and a
server is this:
 
The host starts the conversation with the server
requesting "NETBIOS SMB-DS IPC$ unicode share access"
from port 1442 to 445 (Priority 3).
The server answers by doing "NETBIOS SMB Session Setup
AndX request unicode username overflow attempt" to the
host from port 2064 to 139 (Priority 1).
The conversation between the machines ends with the
server asking for "NETBIOS SMB IPC$ unicode share
access" on port 2064 to port 139 (priority 3).

Then it takes a short while and either this machine
does it again, or it's another machine trying. Does
anyone know why this might be happening?

Thanks

Theo

