Snort mailing list archives
Re: ICMP PING CyberKit 2.2 Windows
From: Glenn Forbes Fleming Larratt <glratt () rice edu>
Date: Tue, 19 Aug 2003 22:54:34 -0500 (CDT)
According to - http://isc.sans.org/diary.html?date=2003-08-18 , it's un upswing in worm traffic for a worm called 'Nachi'. Noted elsewhere is information that blocking pings altogether breaks some damn Windows function, but blocking pings of a specific (nonstandard?) size blocks the worm but leaves Windows OK ( to be infected by something else, I suppose). -g On Tue, 19 Aug 2003, Stevo wrote:
Guys, So what's the deal with the 72000 odd ICMP PING CyberKit 2.2 Windows alerts I've got in the past few days?? It's frickin crazy... I've read the posts on here, but what is actually causing this and is there anything I can do at my perimeter to stop these ICMP messages hitting my network?? It's just annoying and I don't want to remove the rule that picks up on the ICMP PING CyberKit 2.2 Windows!! Ideas?? Stevo ------------------------------------------------------- This SF.net email is sponsored by Dice.com. Did you know that Dice has over 25,000 tech jobs available today? From careers in IT to Engineering to Tech Sales, Dice has tech jobs from the best hiring companies. http://www.dice.com/index.epl?rel_code=104 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Glenn Forbes Fleming Larratt Rice University Networking glratt () rice edu ------------------------------------------------------- This SF.net email is sponsored by Dice.com. Did you know that Dice has over 25,000 tech jobs available today? From careers in IT to Engineering to Tech Sales, Dice has tech jobs from the best hiring companies. http://www.dice.com/index.epl?rel_code=104 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP PING CyberKit 2.2 Windows Stevo (Aug 19)
- Re: ICMP PING CyberKit 2.2 Windows Jade E. Deane (Aug 19)
- Re: ICMP PING CyberKit 2.2 Windows Paul Schmehl (Aug 19)
- Re: ICMP PING CyberKit 2.2 Windows Glenn Forbes Fleming Larratt (Aug 19)
- RE: ICMP PING CyberKit 2.2 Windows Francis A. Vidal (Aug 20)
- RE: ICMP PING CyberKit 2.2 Windows nelsbels (Aug 20)
- RE: RE: ICMP PING CyberKit 2.2 Windows Eric Greenberg (Aug 20)
- RE: RE: ICMP PING CyberKit 2.2 Windows Mike Feetham (Aug 20)
- RE: RE: ICMP PING CyberKit 2.2 Windows Bryan Irvine (Aug 20)
- Re: RE: ICMP PING CyberKit 2.2 Windows Michael Anderson (Aug 21)
- RE: RE: ICMP PING CyberKit 2.2 Windows Arvind Clemente (Aug 21)
- RE: RE: ICMP PING CyberKit 2.2 Windows Bryan Irvine (Aug 22)
- Re: RE: ICMP PING CyberKit 2.2 Windows Wes Zuber (Aug 25)
- RE: RE: ICMP PING CyberKit 2.2 Windows Francis A. Vidal (Aug 25)
- RE: RE: ICMP PING CyberKit 2.2 Windows Eric Greenberg (Aug 20)