Snort mailing list archives

Q-ICMP rule/IDS202

From: mike <lists () webfargo com>
Date: Thu, 25 Apr 2002 12:42:12 -0400

Does anyone have any information about the Q-icmp rule listed as IDS202?

I am seeing alerts on this rule, but cannot find any good information aboutit. What causes it, what other traffic to look for, etc?

The ICMP packets I am seeing are coming from broadcast 255.255.255.255going to a single host and contains "Hello, is anybody home?."


mike

---------------------------------------------------------------------
www.webfargo.com
CCDA   CCNA   CCSA   CCSE   MCP+I   MCSE
PGP key available


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Q-ICMP rule/IDS202 mike (Apr 25)
- <Possible follow-ups>
- RE: Q-ICMP rule/IDS202 Wirth, Jeff (Apr 25)
  - ACID bug with archiving Anton A. Chuvakin (Apr 25)