Snort mailing list archives
Re: FYI - Possible cause for false positive - ICMP L3retriever Ping
From: Chris Green <cmg () sourcefire com>
Date: Thu, 13 Jun 2002 08:17:05 -0400
Michael Gargiullo <gargiullo () comcast net> writes:
FYI - One cause for false positives with : alert : ICMP L3retriever PingFrom inside an ipchains firewall on a win2k server. I used M$ SQLServer Enterprise Manager to connect to an external SQL Server.
Could you reproduce the full connection handshake for us? I would like to see how this acts. If you are concerned about sensitve information being sent to a public mailing list, please send me pcap formatted dumps Thanks, -- Chris Green <cmg () sourcefire com> "I'm beginning to think that my router may be confused." _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- redworm sanity check John Hally (Jun 08)
- FYI - Possible cause for false positive - ICMP L3retriever Ping Michael Gargiullo (Jun 12)
- Re: FYI - Possible cause for false positive - ICMP L3retriever Ping Chris Green (Jun 13)
- FYI - Possible cause for false positive - ICMP L3retriever Ping Michael Gargiullo (Jun 12)