Snort mailing list archives
Re: ICMP PING CyberKit 2.2 rule falsing on "PingPlotter"
From: K Anderson <freebsduser () comcast net>
Date: Wed, 27 Aug 2003 00:04:32 -0700
The Robber of Zork wrote:
Not sure, but from what folks have told me it is from those darn worms. Weee, I'm up to 11,712.

begin K Anderson quotation:

I'm up to 10K Cyberkit 2.2's in a 24 hour period. According to ACID. I have my firewall just denying them. Really nutso here.

Is this Cyberkit 2.2 garbage being generated by the worms running around, or by (gulp) Windoze users trying to "secure" their sites?
Here's some ACID stats.

Traffic Profile by Protocol
TCP (6%)
UDP (1%)
ICMP (93%)
Portscan Traffic (0%)