Snort mailing list archives

MISC same SRC/DST from broadcast ..

From: "Dushyanth Harinath" <dushy () archeanit com>
Date: Fri, 28 Sep 2001 16:11:06 +0530 (IST)
Hi,

Iam getting this alerts involving broadcast addresses.How can i find out
why this is triggerd.Does this happen if someone pings to the broadcast
address ?.

Generated by ACID v0.9.6b15 on Fri September 28, 2001 16:05:21

------------------------------------------------------------------------------#(1 - 13531) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13532) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13533) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13534) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13535) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13536) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13537) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13538) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13539) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13540) [2001-09-27 16:21:07]  MISC 
same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none

regards
dushyanth

--
First they ignore you,            | Dushyanth Harinath
then they laugh at you,           | Programmer/SysAdmin
then they fight you,              | Archean Infotech
then you win.- Mahatma Gandhi     | http://www.archeanit.com
(possibly not talking about Linux)|



-----------------------------------------
This email was sent using SquirrelMail.
   "Webmail for nuts!"
http://squirrelmail.org/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:

MISC same SRC/DST from broadcast .. Dushyanth Harinath (Sep 28)