[Snort-sigs] False positive on SID 469 (ICMP ping nmap)

Wyatt Neal wyatt.neal at ...1943...
Tue Oct 7 09:07:06 EDT 2003

I've noticed the same thing with Cisco PIX site-to-site VPN tunnels.


Professional IT Services


3732 Lovell Ave. Suite 5

Cincinnati, OH 45211


phone: 513.285.4000 x227

mobile: 513.256.5587

fax: 513.285.4000

email: wyatt.neal at ...1943... 

CONFIDENTIALITY NOTICE: This e-mail message is intended only for the
person or entity to which it is addressed and may contain confidential
and/or privileged material. Any unauthorized review, use, disclosure or
distribution is prohibited.  If you are not the intended recipient,
please contact the sender immediately by reply e-mail or call
513.285.4000 and delete all copies of the original message. This email
does not form a legally binding contract between sender and receiver.


-----Original Message-----
From: Niklas Schiffler [mailto:nick at ...1938...] 
Sent: Monday, October 06, 2003 8:03 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] False positive on SID 469 (ICMP ping nmap)


i don't know if this is the right place to report this:

The online update function of Avast Antivirus (www.avast.com) generates
false positives on SID 469. It seems to use a ICMP ping message with
size 0 to check if www.avast.com can be reached.


This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net

More information about the Snort-sigs mailing list