Snort mailing list archives

Re: link between MP3 sites and Cyberkit pings ?


From: Erek Adams <erek () snort org>
Date: Fri, 22 Aug 2003 13:12:40 -0400 (EDT)

On Thu, 21 Aug 2003, Jean Michel BARBET wrote:

> My sensor is also alerting on CyberKit Pings since August 15th.
> There are two cases:
>
> a) one external IP pings several hosts on our LAN (kind of ICMP scan).
>
> b) 2 specific hosts on our LAN are the target of more than 50% of the
>     Cyberkit ping traffic.
>
> I do not understand b). The only clue is that both hosts have been
> used to connect to MP3 sites.
>
> => any similar experience? explanation?

Only about a billion of them...

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

It's been all over the list the last few days...  :)  List archives are
wonderful things [0].

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=cyberkit&q=b

