Snort mailing list archives
Re: icmp: is this real?
From: John Sage <jsage () finchhaven com>
Date: Sun, 31 Mar 2002 21:44:42 -0800
Chris: On Sun, Mar 31, 2002 at 10:31:44PM -0500, Chris Green wrote:
John Sage <jsage () finchhaven com> writes:Is this a _real_ icmp packet, or a ghost in the machine? Ths was in a portscan I got around midnight 03/30/02. It is in sequence with the IP ID ahead of it, and after.. And it _didn't_ have the Type: Code: ID: Seq: data line as all other packets usually do.. The DgmLen: is clearly bogus, unless snort is on crack.. Oh yeah, snort 1.8.2 build 86, running on Linux 2.2.14.Please upgrade to snort-stable off the downloads page on www.snort.org. That was fixed post 1.8.3
I'll take that as meaning the correct answer was: b) a ghost in the machine Thnx... - John -- In those days, you could not buy a $2000 200MHz Pentium server. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- icmp: is this real? John Sage (Mar 31)
- Re: icmp: is this real? Chris Green (Mar 31)
- Re: icmp: is this real? John Sage (Mar 31)
- Re: icmp: is this real? Erek Adams (Mar 31)
- Re: icmp: is this real? John Sage (Apr 01)
- Re: icmp: is this real? Erek Adams (Apr 01)
- Re: icmp: is this real? John Sage (Apr 01)
- Re: icmp: is this real? John Sage (Mar 31)
- Re: icmp: is this real? Chris Green (Mar 31)
- Re: icmp: is this real? Chris Green (Apr 01)