Snort mailing list archives
(no subject)
From: "Jim Schwin" <jims () darbygroup com>
Date: Thu, 9 Jan 2003 09:07:33 -0500
Hello to all,

I just started to work with snort 1.9.0. I have it installed on Windows 2000. I am currently just using the base rule set that it comes with. I have not received any alerts as of yet. I thought the snort.conf that comes with 1.9.0 would be good enough to pick up on many intrusions. I do receive a lot of these type 5 and type 8 messages. Is this somewhat normal?

01/06-14:13:32.853486 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
ICMP TTL:64 TOS:0x0 ID:62730 IpLen:20 DgmLen:56
Type:5 Code:1 REDIRECT HOST NEW GW: xxx.xxx.xxx.xxx
** ORIGINAL DATAGRAM DUMP:

01/07-03:24:59.285871 64.94.33.74 -> xxx.xxx.xxx.xxx
ICMP TTL:53 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
Type:8 Code:0 ID:1784 Seq:36951 ECHO

Thanks
JS