Snort mailing list archives

Portscan with ICMP?


From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Tue, 15 Apr 2003 11:31:21 +0200


Hello all,

is anybody else getting alerts from portscan2 with ICMP?

What does it mean? The number of ICMP packets exceeding the threshold?

Nice feature to detect $flooding... ;)

Regards,

Edin

Generated by ACID v0.9.6b23 on Tue, 15 Apr 2003 11:26:51 +0200

------------------------------------------------------------------------------
#(1 - 5) [2003-04-09 15:29:44] [snort/1] (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 4 targets 6 ports in 0 seconds
IPv4: xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
      hlen=5 TOS=0 dlen=84 ID=0 flags=0 offset=0 TTL=63 chksum=52602
ICMP: type=Echo Request code=0
      checksum=60966 id= seq=
Payload: ...>_g.......................... !"#$%&'()*+,-./01


(Snort 1.9.1 on Linux)

--
Edin Dizdarevic


