Snort mailing list archives
Portscan with ICMP?
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Tue, 15 Apr 2003 11:31:21 +0200
Hello all,

is anybody else getting alerts from portscan2 with ICMP? What does it mean? The number of ICMP Packets exceeding the threshold? Nice feature to detect $flooding... ;)

Regards,
Edin

Generated by ACID v0.9.6b23 on Tue, 15 Apr 2003 11:26:51 +0200
------------------------------------------------------------------------------
#(1 - 5) [2003-04-09 15:29:44] [snort/1] (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 4 targets 6 ports in 0 seconds
IPv4: xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx hlen=5 TOS=0 dlen=84 ID=0 flags=0 offset=0 TTL=63 chksum=52602
ICMP: type=Echo Request code=0 checksum=60966 id= seq=
Payload: ...>_g.......................... !"#$%&\'()*+,-./01

(Snort 1.9.1 on Linux)

--
Edin Dizdarevic