Snort mailing list archives

AW: Normal Traffic???

From: "Pesek Wolfgang (Mail)" <WPesek () council net>
Date: Thu, 11 Oct 2001 21:02:59 +0200
This looks like some host inside your network is sending large ICMP Packets
! 
Obviously this is due to the fact that someone from the outside is pinging
your IP with a simple ping but a no so fine option - in that case to tell
ping how much bytes of data shall be sent with the ECHO-REQUEST. Normally
this is executed with only 8-26 bytes,
(if i remember correctly from the great document from Ofir Arkin "ICMP-Usage
Scanning" thanks for this masterpiece, by the way. I saw you around this
list already :-) ).
 
This can lead to a DoS, so i´d rather block ICMP-Traffic on your firewall
for a time.
 
----Ursprüngliche Nachricht-----
Von: Muscat, Tyrone J. [mailto:MUSCATTJ () wattsind com]
Gesendet: Donnerstag, 11. Oktober 2001 20:10
An: 'snort-users () lists sourceforge net'
Betreff: [Snort-users] Normal Traffic???



This traffic is coming from my internal network out through my firewall....
is this normal or should I be worried.... 


[**] IDS246/dos_dos-large-icmp [**] 
10/11-13:59:15.554696 0:3:47:B:F0:50 -> 0:2:FD:1E:25:ED type:0x800 len:0x5EA

xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx ICMP TTL:126 TOS:0x0 ID:12980 IpLen:20
DgmLen:1500 DF 
Type:0  Code:0  ID:1080  Seq:61662  ECHO REPLY 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
. 
. 
. 
. 
. 

Ty Muscat 
Watt Regulator
815 Chestnut Street
North Andover, MA 01845 
Phone: 978-689-6036
Fax: 978-689-6115
Current thread:

AW: Normal Traffic??? Pesek Wolfgang (Mail) (Oct 11)