Snort mailing list archives

ICMP Ping NMAP troubleshooting

From: "Stephen W. Thomas" <swthomas () techsoft com>
Date: Tue, 20 May 2003 08:08:28 -0500

I've just setup a snort & acid setup on our company network. I've noticed a lot of ICMP Ping NMAP hits coming from our 
servers and going to our W2K DNS/Terminal server. I'd like to find out if this is normal or what is generating the 
pings but I'm not sure how to track a packet with no payload back to it's source program. Also, if it's normal for my 
network, then what do most people recommend?
 
A. Ignore the thousands of hits it gets
B. Disable that one rule for the one destination.
 
Any comments would be appreciated.
 
Thanks,
Steve

Current thread:

ICMP Ping NMAP troubleshooting Stephen W. Thomas (May 20)
- Re: ICMP Ping NMAP troubleshooting Erek Adams (May 20)
- Re: ICMP Ping NMAP troubleshooting Simon Gray (May 20)
- <Possible follow-ups>
- RE: ICMP Ping NMAP troubleshooting Stephen W. Thomas (May 20)
  - RE: ICMP Ping NMAP troubleshooting Erek Adams (May 20)
- RE: ICMP Ping NMAP troubleshooting Stephen W. Thomas (May 20)
- RE: ICMP Ping NMAP troubleshooting Stephen W. Thomas (May 20)
  - RE: ICMP Ping NMAP troubleshooting [snort-users-admin () lists sourceforge net in Pass-Through List] ['snort' in Pass-Through List] ['snort-users' in Pass-Through List] ['snort' in Pass-Through List] Erek Adams (May 20)