Snort mailing list archives

Re: Questions about sids.
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 8 Apr 2013 09:48:57 -0400

On Apr 8, 2013, at 9:37 AM, Joao Daniel Neves <joaodanielnevesss () hotmail com> wrote:

> I'm a bit lost. I always have a lot of alerts of sid 1-373 ( http://www.snort.org/search/sid/1-373 ) it is
> PROTOCOL-ICMP PING Flowpoint2200 or Network Management Software.
>
> I think that is not a reason to bother since it is just a ping. I know that ping can be used to scan a network. But
> it does not seem to be the behavior of the alert. Since just one source sent 110 packages to only three IPs. And
> then never triggered other alert.
>
> Should I be worried about it?

If it's normal for you to have those events, then no, you shouldn't be worried.

Turn the rule off.

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
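
The triage the question walks through (how many alerts, to how many destinations, and whether the source fired anything else), as an added example that is not part of the original thread. The alert lines are constructed in Snort's fast-alert layout; the addresses, sid 1000001 and the `max_dsts` cutoff are assumptions for illustration.

```python
import re
from collections import defaultdict

# Snort "fast" alert line: ... [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\].*?\{\w+\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

def summarize(lines, gid=1, sid=373):
    """Per source: alerts for gid:sid, distinct destinations, other sids fired."""
    stats = defaultdict(lambda: {"count": 0, "dsts": set(), "other_sids": set()})
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line in the expected layout
        entry = stats[m["src"]]
        if (int(m["gid"]), int(m["sid"])) == (gid, sid):
            entry["count"] += 1
            entry["dsts"].add(m["dst"])
        else:
            entry["other_sids"].add(f'{m["gid"]}:{m["sid"]}')
    # Report only sources that actually fired the rule under review.
    return {src: e for src, e in stats.items() if e["count"]}

def looks_routine(entry, max_dsts=5):
    """Assumed heuristic: few destinations and no other rule fired by this source."""
    return len(entry["dsts"]) <= max_dsts and not entry["other_sids"]

def _line(sid, src, dst):
    # Constructed sample alert; timestamp, revision and message are placeholders.
    return (f"04/08-09:30:01.000000  [**] [1:{sid}:1] constructed sample [**] "
            f"[Priority: 3] {{ICMP}} {src} -> {dst}")

# Constructed data: one source pinging three hosts 110 times (as in the question),
# and a second source touching 20 hosts and also firing a local rule.
SAMPLE = [_line(373, "192.0.2.10", f"198.51.100.{1 + i % 3}") for i in range(110)]
SAMPLE += [_line(373, "192.0.2.77", f"198.51.100.{i}") for i in range(1, 21)]
SAMPLE.append(_line(1000001, "192.0.2.77", "198.51.100.9"))

if __name__ == "__main__":
    for src, e in sorted(summarize(SAMPLE).items()):
        verdict = "routine" if looks_routine(e) else "review"
        print(f"{src}: {e['count']} alerts, {len(e['dsts'])} destinations, "
              f"other sids {sorted(e['other_sids'])} -> {verdict}")
```
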