Snort mailing list archives

ICMP Large PAcket

From: "Jose Ramon Hernandez Macias" <jhernandez () alestra com mx>
Date: Thu, 20 Mar 2003 11:11:53 -0600


Hi dudes,

I´m actually receiving a lot of ICMP Large Packet alerts, after I analyzed
most of the packets I´ve seen all of them
are echo request packets with a size of 1472 bytes of NULL, so the alarm is
triggered with >800 . My question is
do you recommend me to increase the size to >1472 or >1500 ?

Thanks

Jose
"Rapidity is the essence of war: take advantage of the enemy´s unreadiness,
make your way by unexpected routes, and attack unguarded spots." -- Sun Tzu





-------------------------------------------------------
This SF.net email is sponsored by: Tablet PC.
Does your code think in ink? You could win a Tablet PC.
Get a free Tablet PC hat just for playing. What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ICMP Large PAcket Jose Ramon Hernandez Macias (Mar 20)
- Re: ICMP Large PAcket Matt Kettler (Mar 20)
- Re: ICMP Large PAcket Jeff Nathan (Mar 20)
- <Possible follow-ups>
- Re: ICMP Large PAcket Jose Ramon Hernandez Macias (Mar 20)