Snort mailing list archives

ICMP DB Issues

From: "Joshua Berry" <jberry () PENSON COM>
Date: Tue, 20 Jul 2004 13:04:09 -0500

I have had an issue for some time where I will get alerts such as "DDOS
- TFN client command LE" which revolves around the ICMP ID, ICMP
Sequence, and Type.  However, the ICMP ID and Sequence is NEVER entered
into the database, just the Type and Code.  Has anyone else noticed
this?

 
Josh Berry, CISSP & MCSE 
Information Security
214-765-1296
 
-------------------------------------------------------------------- 
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
     -- (Former) White House Cybersecurity adviser Richard Clarke 



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ICMP DB Issues Joshua Berry (Jul 20)
- Re: ICMP DB Issues sekure (Jul 20)
- <Possible follow-ups>
- RE: ICMP DB Issues Joshua Berry (Jul 20)
  - Re: ICMP DB Issues sekure (Jul 20)
- RE: ICMP DB Issues Joshua Berry (Jul 20)
- RE: ICMP DB Issues Joshua Berry (Jul 20)