[Snort-sigs] Sig #
rwilson at ...2651...
Tue Jul 20 05:55:38 EDT 2004
# This is a template for submitting snort signature descriptions to
# the snort.org website
# Ensure that your descriptions are your own
# and not the work of others. References in the rules themselves
# should be used for linking to other's work.
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP L3retriever
Ping"; icode:0; itype:8; content:"ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI";
depth:32; reference:arachnids,311; classtype:attempted-recon; sid:466;
Ease of Attack:
I believe that a False Positive may be generated while mounting a
remote SMB share.
More information about the Snort-sigs