Snort mailing list archives
Attempted Information Leak & Misc activity
From: "Laskowski" <cineklas () wp pl>
Date: Tue, 15 Jun 2004 21:17:57 +0200
Hi all,

What is the difference between these two classifications?

For example, ICMP PING BSDtype belongs to Misc activity and ICMP PING NMAP belongs to Attempted Information Leak. For me it's the same, so why doesn't ICMP PING BSDtype belong to Attempted Information Leak?

Other examples:

SNMP request tcp [**] [Classification: Attempted Information Leak]
SCAN SOCKS Proxy attempt [**] [Classification: Attempted Information Leak]
ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity]
SCAN Squid Proxy attempt [**] [Classification: Attempted Information Leak]
SCAN nmap TCP [**] [Classification: Attempted Information Leak]
SCAN nmap XMAS [**] [Classification: Attempted Information Leak]

-------------------------------------------------
Best Regards,
Marcin