Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Icmp Ping

From: cc <cc () belfordhk com>
Date: Fri, 19 Mar 2004 10:35:54 +0800
Jim Hendrick sighed and wrote::


I agree that the box(es) involved should be thoroughly examined. It
*does* seem a bit obvious for any sort of covert "communications", but
still...

I would also suggest watching for any other strange ICMP traffic on your
LAN (not just to/from those boxes and not just with this payload).


I've been monitoring the external IP.   I'm now checking out the
internal IP to see if something sinister is dialing out.



Could be somone messing with a tool (and your head) or it could be
something more serious. The destination IP may not even be the intended
recipient (or even that important) if the "real" recipient could just


My external IP is the destination IP.  Which is why I"m a bit worried.

Thanks.

Edmund


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: