Snort mailing list archives
Re: Icmp Ping
From: cc <cc () belfordhk com>
Date: Fri, 19 Mar 2004 10:35:54 +0800
Jim Hendrick sighed and wrote:
> I agree that the box(es) involved should be thoroughly examined. It *does* seem a bit obvious for any sort of covert "communications", but still... I would also suggest watching for any other strange ICMP traffic on your LAN (not just to/from those boxes and not just with this payload).
I've been monitoring the external IP. I'm now checking out the internal IP to see if something sinister is dialing out.
> Could be someone messing with a tool (and your head) or it could be something more serious. The destination IP may not even be the intended recipient (or even that important) if the "real" recipient could just
My external IP is the destination IP. Which is why I'm a bit worried.
Thanks.
Edmund