Snort mailing list archives
ICMP w/payload of 1472 zeroes
From: Michael Sierchio <kudzu () tenebras com>
Date: Tue, 28 Oct 2003 09:24:29 -0800
This causes the "ICMP Large ICMP Packet" alert to appear, but I'm wondering if anyone has any insight into a more specific source. a traceroute was inconclusive wrt whether the source IP was forged -- in the ballpark for the right TTL, but this is 24 hours later, also modulo route asymmetry, etc. Thanks, Michael -- "Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred." - The Mahabharata ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP w/payload of 1472 zeroes Michael Sierchio (Oct 28)
- Re: ICMP w/payload of 1472 zeroes Mike Cojocea (Oct 28)
- Re: ICMP w/payload of 1472 zeroes Michael Sierchio (Oct 28)
- Re: ICMP w/payload of 1472 zeroes Michael Sierchio (Oct 31)
- Re: ICMP w/payload of 1472 zeroes Mike Cojocea (Oct 28)