Snort mailing list archives
Re: ICMP PING CyberKit 2.2 rule falsing on "PingPlotter"
From: K Anderson <freebsduser () comcast net>
Date: Wed, 27 Aug 2003 00:04:32 -0700
The Robber of Zork wrote:
Not sure, but from what folks have told me it is from those darn worms. Weee, I'm up to 11,712.begin K Anderson quotation:I'm up to 10K Cyberkit 2.2's in a 24 hour period. According to ACID. I have my firewall just denying them. Really nutso here.Is this Cyberkit 2.2 garbage being generated by the worms running around, or by (gulp) Windoze users trying to "secure" their sites?
Here's some ACID stats.
Traffic Profile by Protocol
TCP (6%)
UDP (1%)
ICMP (93%)
_________________________________________________
Portscan Traffic (0%)
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP PING CyberKit 2.2 rule falsing on "PingPlotter" James R. Hendrick (Aug 26)
- Re: ICMP PING CyberKit 2.2 rule falsing on "PingPlotter" K Anderson (Aug 26)
- Re: ICMP PING CyberKit 2.2 rule falsing on "PingPlotter" The Robber of Zork (Aug 26)
- Re: ICMP PING CyberKit 2.2 rule falsing on "PingPlotter" K Anderson (Aug 27)
- Re: ICMP PING CyberKit 2.2 rule falsing on "PingPlotter" Tantravahi Venkata Aditya (Aug 27)
- Re: ICMP PING CyberKit 2.2 rule falsing on "PingPlotter" The Robber of Zork (Aug 26)
- Re: ICMP PING CyberKit 2.2 rule falsing on "PingPlotter" K Anderson (Aug 26)