Snort mailing list archives
ICMP w/payload of 1472 zeroes
From: Michael Sierchio <kudzu () tenebras com>
Date: Tue, 28 Oct 2003 09:24:29 -0800
This causes the "ICMP Large ICMP Packet" alert to appear, but
I'm wondering if anyone has any insight into a more specific
source. a traceroute was inconclusive wrt whether the source
IP was forged -- in the ballpark for the right TTL, but this
is 24 hours later, also modulo route asymmetry, etc.
Thanks,
Michael
--
"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent man requires only two thousand five hundred."
- The Mahabharata
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP w/payload of 1472 zeroes Michael Sierchio (Oct 28)
- Re: ICMP w/payload of 1472 zeroes Mike Cojocea (Oct 28)
- Re: ICMP w/payload of 1472 zeroes Michael Sierchio (Oct 28)
- Re: ICMP w/payload of 1472 zeroes Michael Sierchio (Oct 31)
- Re: ICMP w/payload of 1472 zeroes Mike Cojocea (Oct 28)