Snort mailing list archives

Re: ICMP PING CyberKit 2.2 Windows

From: Glenn Forbes Fleming Larratt <glratt () rice edu>
Date: Tue, 19 Aug 2003 22:54:34 -0500 (CDT)

According to -

 http://isc.sans.org/diary.html?date=2003-08-18

, it's un upswing in worm traffic for a worm called 'Nachi'.

Noted elsewhere is information that blocking pings altogether breaks some
damn Windows function, but blocking pings of a specific (nonstandard?)
size blocks the worm but leaves Windows OK ( to be infected by something
else, I suppose).

        -g


On Tue, 19 Aug 2003, Stevo wrote:

Guys,

So what's the deal with the 72000 odd ICMP PING CyberKit 2.2 Windows alerts
I've got in the past few days??  It's frickin crazy...  I've read the posts
on here, but what is actually causing this and is there anything I can do at
my perimeter to stop these ICMP messages hitting my network??

It's just annoying and I don't want to remove the rule that picks up on the
ICMP PING CyberKit 2.2 Windows!!

Ideas??

Stevo




-------------------------------------------------------
This SF.net email is sponsored by Dice.com.
Did you know that Dice has over 25,000 tech jobs available today? From
careers in IT to Engineering to Tech Sales, Dice has tech jobs from the
best hiring companies. http://www.dice.com/index.epl?rel_code=104
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


                                Glenn Forbes Fleming Larratt
                                Rice University Networking
                                glratt () rice edu



-------------------------------------------------------
This SF.net email is sponsored by Dice.com.
Did you know that Dice has over 25,000 tech jobs available today? From
careers in IT to Engineering to Tech Sales, Dice has tech jobs from the
best hiring companies. http://www.dice.com/index.epl?rel_code=104
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ICMP PING CyberKit 2.2 Windows Stevo (Aug 19)
- Re: ICMP PING CyberKit 2.2 Windows Jade E. Deane (Aug 19)
- Re: ICMP PING CyberKit 2.2 Windows Paul Schmehl (Aug 19)
- Re: ICMP PING CyberKit 2.2 Windows Glenn Forbes Fleming Larratt (Aug 19)
- RE: ICMP PING CyberKit 2.2 Windows Francis A. Vidal (Aug 20)
- RE: ICMP PING CyberKit 2.2 Windows nelsbels (Aug 20)
  - RE: RE: ICMP PING CyberKit 2.2 Windows Eric Greenberg (Aug 20)
    - RE: RE: ICMP PING CyberKit 2.2 Windows Mike Feetham (Aug 20)
    - RE: RE: ICMP PING CyberKit 2.2 Windows Bryan Irvine (Aug 20)
    - Re: RE: ICMP PING CyberKit 2.2 Windows Michael Anderson (Aug 21)
    - RE: RE: ICMP PING CyberKit 2.2 Windows Arvind Clemente (Aug 21)
    - RE: RE: ICMP PING CyberKit 2.2 Windows Bryan Irvine (Aug 22)
    - Re: RE: ICMP PING CyberKit 2.2 Windows Wes Zuber (Aug 25)
    - RE: RE: ICMP PING CyberKit 2.2 Windows Francis A. Vidal (Aug 25)

(Thread continues...)