Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Large ICMP packets in the rule

From: "Edwin Pua" <edwin1118 () hotmail com>
Date: Thu, 14 Feb 2002 10:23:30 +0000
Hi,
Just want to clarify the ICMP packets in this rule. How large is the ICMP packets before alerting the snort? coz i have received 5 to 10 MISC Large ICMP Packet in just few minutes? Am i being flooded or attacked by DOS if it appears? 

   Thanks for your info.

edwin
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"MISC Large ICMP Packet"; dsize: >800; reference:arachnids,2 
46; classtype:bad-unknown; sid:499; rev:1;)



_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com 


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: