Snort mailing list archives

Previous By Date Next
Previous By Thread Next

ICMP w/payload of 1472 zeroes

From: Michael Sierchio <kudzu () tenebras com>
Date: Tue, 28 Oct 2003 09:24:29 -0800

This causes the "ICMP Large ICMP Packet" alert to appear, but
I'm wondering if anyone has any insight into a more specific
source.  a traceroute was inconclusive wrt whether the source
IP was forged -- in the ballpark for the right TTL, but this
is 24 hours later, also modulo route asymmetry, etc.

Thanks,

Michael

--

"Well," Brahma said, "even after ten thousand explanations, a fool is no
 wiser, but an intelligent man requires only two thousand five hundred."
                - The Mahabharata



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: