Snort mailing list archives

Attempted Information Leak & Misc activity


From: "Laskowski" <cineklas () wp pl>
Date: Tue, 15 Jun 2004 21:17:57 +0200

Hi all, 

What is the difference between these two classifications?
For example, ICMP PING BSDtype belongs to Misc activity
and ICMP PING NMAP belongs to Attempted Information Leak.
For me it's the same, so why doesn't ICMP PING BSDtype
belong to Attempted Information Leak?

Other examples:

SNMP request tcp [**] [Classification: Attempted Information Leak]
SCAN SOCKS Proxy attempt [**] [Classification: Attempted Information Leak] 
ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] 
SCAN Squid Proxy attempt [**] [Classification: Attempted Information Leak]
SCAN nmap TCP [**] [Classification: Attempted Information Leak] 
SCAN nmap XMAS [**] [Classification: Attempted Information Leak] 


-------------------------------------------------
Best Regards, Marcin
