Security Incidents mailing list archives
Re: IDS246 Large ICMP Packet
From: Jan Muenther <jan () RADIO HUNDERT6 DE>
Date: Thu, 16 Nov 2000 19:09:05 +0100
Hi there,
[**] IDS246 - MISC - Large ICMP Packet [**]
11/13-12:53:37.296852 32.96.212.11 -> 200.210.111.132
ICMP TTL:247 TOS:0x0 ID:10257 DF
ID:48282 Seq:61662 ECHO
This seems common.
Is anyone else being hit by this machine? I ran an NMAP on it and it's apparently some kind of proxy but these ICMP warnings are really annoying me!
Not by this machine, but by this phenomenon. I think it's a specificum of AIX. It sends ICMP packets with a payload of 0s. I think it does so to determine the max. MTU of your router or something.

Check the mail archives of the snort list, it's almost a FAQ ;o))

Oh, and yes, it does get on my nerves, too ;o))

Bye, Jan

--
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther () radio hundert6 de