Snort mailing list archives
ICMP Large PAcket
From: "Jose Ramon Hernandez Macias" <jhernandez () alestra com mx>
Date: Thu, 20 Mar 2003 11:11:53 -0600
Hi dudes, I´m actually receiving a lot of ICMP Large Packet alerts, after I analyzed most of the packets I´ve seen all of them are echo request packets with a size of 1472 bytes of NULL, so the alarm is triggered with >800 . My question is do you recommend me to increase the size to >1472 or >1500 ? Thanks Jose "Rapidity is the essence of war: take advantage of the enemy´s unreadiness, make your way by unexpected routes, and attack unguarded spots." -- Sun Tzu ------------------------------------------------------- This SF.net email is sponsored by: Tablet PC. Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for? http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP Large PAcket Jose Ramon Hernandez Macias (Mar 20)
- Re: ICMP Large PAcket Matt Kettler (Mar 20)
- Re: ICMP Large PAcket Jeff Nathan (Mar 20)
- <Possible follow-ups>
- Re: ICMP Large PAcket Jose Ramon Hernandez Macias (Mar 20)