Snort mailing list archives
Questions about sids.
From: Joao Daniel Neves <joaodanielnevesss () hotmail com>
Date: Mon, 8 Apr 2013 16:37:46 +0300
Hi, I'm a bit lost. I always have a lot of alerts of sid 1-373 (http://www.snort.org/search/sid/1-373); it is PROTOCOL-ICMP PING Flowpoint2200 or Network Management Software. I think that is not a reason to bother since it is just a ping. I know that ping can be used to scan a network. But it does not seem to be the behavior of the alert, since just one source sent 110 packages to only three IPs and then never triggered another alert. Should I be worried about it?