Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: small ?

From: SRH-Lists <giermo () 333tech com>
Date: Mon, 24 Nov 2003 13:18:02 -0600

when i run Snort -D and i tail -f my log file  i get a bunch of
alert like this
[**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**]
[Classification: Misc activity] [Priority: 3]
11/18-09:58:36.586829 my.ip -> y.y.y.y
ICMP TTL:127 TOS:0x0 ID:4826 IpLen:20 DgmLen:92
Type:8  Code:0  ID:512   Seq:60000  ECHO
[Xref => http://www.whitehats.com/info/IDS154]

so my question is why?\


The answer is Nachi/Welchia.

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100559
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm
.html

-steve


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: