Snort mailing list archives
Re: tippingpoint]
From: Geoff <gpoer () arizona edu>
Date: Fri, 17 Oct 2003 10:55:49 -0700
Then we wouldn't see them. Of course, that would be a new generation of worm and a new signature could be written. We would then need to make the same decision of where we care about ICMP echo requests with 0xee[62] in the payload.

But this is an old discussion,
Geof

Michael Sierchio wrote:
> Geoff wrote:
> > ... We also dropped ICMP Welchia packets, they consist of an echo request with 64 A's. ...
>
> There seems to be more than one source of packets with 0xaa in the ICMP payload. And what is it that generates ICMP echo requests with 0x45 ('E') as the payload?
>
> Tak, kudzu
