Snort mailing list archives
Re: icmp large packets & ASN.1 Attack
From: Robby Desmond <rdesmond () els ucsb edu>
Date: Wed, 06 Nov 2002 14:21:23 -0800
At 02:18 PM 11/6/02 -0800, Robert Young wrote:
> I am running snort -1.9.0 and it has oversight over a network of both Mac and Windows machines. I am receiving a very large number of detects on the icmp large packets rule, more from inside my net than out. Does anyone know if the large ICMP packets are a trait of the Mac OS 10?
Dunno about your ASN.1 problem, but everyone else keeps just saying to comment it out.
As for the Macs, I've noticed that OS X and even 8 or 9 would cause NMAP alerts to fire any time they connected to the Mac file sharing on our Win2k server.
The G4s with OS X over here seem to be also causing these large-packet alerts. I don't know why, but I can tell you it is normal behavior.

-Robby

Robert Desmond
Systems Administrator
UCSB Extended Learning Services
805-893-4906