[Snort-users] IDS246 after smtp connection?
jpp at ...230...
Tue Aug 1 19:37:59 EDT 2000
I've been seeing "IDS246 - MISC - Large ICMP Packet" from a number of
hosts. It's generally logged while my system is in the process of talking
to that host for some other reason (mail is the usual one). The actual
ICMP packet is a 1472 byte echo request with DF set (typically three of them)
My question is why am I getting these - why would anybody send me big pings
when I'm sending them mail?
John Pettitt <jpp at ...230...> AOL-IM: CanisRosa
SigInt bait ;-)
A big hello to the folks at Fort Meade, Menwith Hill and Pine Gap.
Keywords: NSA, Echelon, GCHQ, F83, Magnum, Mentor, P415, STEEPLEBUSH
More information about the Snort-users