Kontiki Download Manager caused NMAP Ping alerts

["Arey, Jeff" <jeffrey.arey () telos com>]

Two of  our LAN users downloaded (or so they say) a Kontiki download manger,
with optional relay agents.  I noticed about 5 64-byte ICMP PING packets
every 5 seconds at the top of each minute!!!  One user generated 20,000
packets since last evening.  I found the two users, both in the same cube-
and they remembered downloading this program from CNET or similar.  Anyway,
when we killed the Kontiki program from the taskbar, the NMAP ping alerts
ceased.  It probably was a config issue on the users part, but it woke me up
with all of the NMAP alerts.  Good job Snort!

 

Jeff Arey