Snort mailing list archives

Previous By Date Next
Previous By Thread Next

ICMP PING Windows

From: RAMALINGA Reddy <Rgreddy1 () covansys com>
Date: Tue, 20 Nov 2001 03:24:13 -0500
Hi,
        We are using snort on a linux box. There is one machine A which is
trying an "ICMP PING Windows" on machine B. The number of times it attempted
such a ping was 2450 in a span of 24 hours. The snort rule corresponding to
this is checking for the following string in the content.
content: "|61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70|"
I suspect it to be a virus attack. Can anyone help ?

thanks,
Rali


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: