Snort mailing list archives

RE: small ?


From: tomb () hamshack info
Date: Thu, 27 Nov 2003 10:02:33 -0700 (MST)

Thanks y'all, I found my problem: I had a couple of viruses on my Windows box.
Thanks again
Tom





We get these from the Welchia Virus.  It performs ping scans that happen
to match this CyberKit rule.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of
tomb () hamshack info
Sent: Monday, November 24, 2003 11:32 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] small ?


When I run Snort -D and I tail -f my log file, I get a bunch of
alerts like this:
[**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**]
[Classification: Misc activity] [Priority: 3]
11/18-09:58:36.586829 my.ip -> y.y.y.y
ICMP TTL:127 TOS:0x0 ID:4826 IpLen:20 DgmLen:92
Type:8  Code:0  ID:512   Seq:60000  ECHO
[Xref => http://www.whitehats.com/info/IDS154]

So my question is: why?

THK
Tom



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
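
Added example (not part of the original thread): a small triage script that reads alerts in the format quoted above and lists the source addresses that triggered SID 483 against many distinct destinations, which is the ping-scan pattern the reply attributes to Welchia. The function names, the min_targets threshold and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
FLOW = re.compile(r"^\d\d/\d\d-[\d:.]+ (\S+) -> (\S+)$")

def parse_alerts(text):
    """Yield (sid, msg, src, dst) for each alert block in Snort's multi-line format."""
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = (int(m.group(2)), m.group(4))
            continue
        m = FLOW.match(line)
        if m and current:
            yield current[0], current[1], m.group(1), m.group(2)
            current = None

def sweep_sources(text, sid=483, min_targets=5):
    """Map each source to its count of distinct destinations for `sid`,
    keeping only sources at or above min_targets (an assumed threshold)."""
    targets = defaultdict(set)
    for alert_sid, _msg, src, dst in parse_alerts(text):
        if alert_sid == sid:
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

def _alert(sig, msg, src, dst):
    # Builds one constructed alert in the layout quoted in the thread.
    return (f"[**] [{sig}] {msg} [**]\n"
            "[Classification: Misc activity] [Priority: 3]\n"
            f"11/18-09:58:36.586829 {src} -> {dst}\n"
            "ICMP TTL:127 TOS:0x0 ID:4826 IpLen:20 DgmLen:92\n"
            "Type:8  Code:0  ID:512   Seq:60000  ECHO\n\n")

CYBERKIT = "ICMP PING CyberKit 2.2 Windows"
# Constructed sample: addresses are documentation-range placeholders.
SAMPLE = "".join(
    [_alert("1:483:2", CYBERKIT, "192.0.2.10", f"198.51.100.{i}") for i in range(1, 9)]
    + [_alert("1:483:2", CYBERKIT, "192.0.2.20", "198.51.100.1")] * 3
    + [_alert("1:999999:1", "CONSTRUCTED other alert", "192.0.2.30", "198.51.100.9")]
)

if __name__ == "__main__":
    for src, n in sweep_sources(SAMPLE).items():
        print(f"{src}: SID 483 alerts toward {n} distinct hosts")
```

A source that appears here from inside your own network is a candidate for an antivirus scan, as the original poster found.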

