Snort mailing list archives
Re: link between MP3 sites and Cyberkit pings ?
From: Erek Adams <erek () snort org>
Date: Fri, 22 Aug 2003 13:12:40 -0400 (EDT)
On Thu, 21 Aug 2003, Jean Michel BARBET wrote:
My sensor is also alerting on CyberKit Pings since August, 15th. There are two cases : a) one external IP pings several hosts on our LAN (kind of ICPM scan). b) 2 specific hosts on our LAN are the target of more than 50% of the Cyberkit ping traffic. I do not understand b). The only clue is that both host have been used to connect to MP3 sites. => any similar experience ? explanation ?
Only about a billion of them... http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml It's been all over the list the last few days... :) List archives are wonderful things [0]. ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=cyberkit&q=b ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- link between MP3 sites and Cyberkit pings ? Jean Michel BARBET (Aug 22)
- Re: link between MP3 sites and Cyberkit pings ? Erek Adams (Aug 22)
- Snort Query for IDS centre. sanjeevs (Aug 29)
- Re: Snort Query for IDS centre. Erek Adams (Aug 29)
- <Possible follow-ups>
- RE: link between MP3 sites and Cyberkit pings ? Williams Jon (Aug 22)