Snort mailing list archives

Re: CyberKit 2.2 Ping, its driven me Nuts..


From: alexanderhampel () netscape net (Alexander Hampel)
Date: Mon, 29 Dec 2003 14:55:47 -0500

I use a custom cron script that checks every minute for CyberKit 2.2 alerts originating from within our Class B 
network. It gets the MAC address of the offending PC through 'nbtscan', and sends popup warning messages to the 
offender via 'smbclient -M'. It further logs the offending PC's NetBIOS name, IP, MAC, and sends out a text page via 
'mailto', so the antivirus team can take care of the infected PC.

External CyberKit 2.2 alerts are being ignored. Incoming ports 135 and tftp are of course blocked at the firewall to 
prevent infection from the outside.

Alexander



Erwin Van de Velde <erwin.vandevelde () ua ac be> wrote:

Hi,

Commenting it out will make you blind to internal infections!!!
I don't think it is good to comment it out, just adapt it if you really want 
to get rid of the alerts. Otherwise: filter afterwards on the alerts themselves. 
This way you will keep statistical information on virus activity, which can 
be nice to show your boss :-)
It's also a good thing to keep an eye on general internet activity and 
commenting all those nasty alerts out isn't the way to do that.

Greetings,
Erwin Van de Velde
Student of Antwerp University
Belgium



On Monday 29 December 2003 17:51, Bryan Irvine wrote:
I commented that rule out.

On Mon, 2003-12-29 at 10:51, Chris N wrote:
Fellow Snorters,

OK, I have had enough of this "CyberKit 2.2 Ping." How are some of you
guys dealing with it? Do you just ignore (pass), log every one, or go and
try to shut the offending hosts down? Although, trying to shut down all
the offending hosts could be a daunting task, since there are so damn many.

Chris



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
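
The cron procedure described in Alexander's message, sketched as an added example that is not his script or part of the original thread. It assumes Snort's "fast" alert format, 172.16.0.0/16 as the internal Class B, `mail` standing in for the 'mailto' step, and placeholder paths and addresses.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed: Snort "fast" alert lines,
# 172.16.0.0/16 as the internal Class B, placeholder paths and pager address.
INTERNAL_PREFIX=${INTERNAL_PREFIX:-172.16.}
SEEN_FILE=${SEEN_FILE:-/var/tmp/cyberkit.seen}
PAGER_ADDR=${PAGER_ADDR:-av-team@example.org}

# Constructed sample alerts: internal source (twice), external source, other rule.
sample_alerts() {
    cat <<'EOF'
12/29-14:54:01.101010 [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Priority: 3] {ICMP} 172.16.4.20 -> 172.16.9.1
12/29-14:54:02.202020 [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Priority: 3] {ICMP} 198.51.100.7 -> 172.16.9.1
12/29-14:54:03.303030 [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Priority: 3] {ICMP} 172.16.4.20 -> 172.16.200.5
12/29-14:54:04.404040 [**] [1:469:1] ICMP PING NMAP [**] [Priority: 2] {ICMP} 172.16.8.8 -> 172.16.9.1
EOF
}

# Print each internal source IP of a CyberKit 2.2 alert once; external sources are dropped.
internal_offenders() {
    awk -v pfx="$INTERNAL_PREFIX" '
        /CyberKit 2\.2/ {
            src = ""
            for (i = 2; i <= NF; i++) if ($i == "->") src = $(i - 1)
            if (index(src, pfx) == 1 && !seen[src]++) print src
        }' "$@"
}

# Keep only offenders not reported by an earlier run, so a per-minute cron job pages once per host.
new_offenders() {
    touch "$SEEN_FILE"
    fresh=$(internal_offenders "$@" | grep -vxF -f "$SEEN_FILE" || true)
    if [ -n "$fresh" ]; then printf '%s\n' "$fresh" | tee -a "$SEEN_FILE"; fi
}

# Look up NetBIOS name and MAC (assumed: field 2 and last field of nbtscan -s output), warn, page.
notify() {
    ip=$1
    info=$(nbtscan -q -s '|' "$ip" 2>/dev/null |
        awk -F'|' 'NR == 1 { gsub(/ /, "", $2); print $2 "|" $NF }')
    name=${info%%|*}; mac=${info#*|}
    [ -n "$name" ] && echo "Your PC appears to be infected." | smbclient -M "$name" >/dev/null 2>&1
    echo "CyberKit 2.2 source: name=${name:-?} ip=$ip mac=${mac:-?}" | mail -s "Infected PC $ip" "$PAGER_ADDR"
}

# Cron entry point (assumed schedule: every minute); set RUN=1 to act on alerts.
if [ "${RUN:-0}" = 1 ]; then
    new_offenders "${ALERT_FILE:-/var/log/snort/alert}" | while read -r ip; do notify "$ip"; done
fi
```

Remove a host's line from `SEEN_FILE` once the machine is cleaned, so a reinfection is reported again.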
