[Snort-users] IDS246 after smtp connection?

John Pettitt jpp at ...230...
Tue Aug 1 19:37:59 EDT 2000


I've been seeing "IDS246 - MISC - Large ICMP Packet" from a number of 
hosts.  It's generally logged while my system is in the process of talking 
to that host for some other reason (mail is the usual one).    The actual 
ICMP packet is a 1472 byte echo request with DF set (typically three of them)

My question is why am I getting these - why would anybody send me big pings 
when I'm sending them mail?

John

John Pettitt <jpp at ...230...>  AOL-IM: CanisRosa

SigInt bait ;-)
    A big hello to the folks at Fort Meade, Menwith Hill and Pine Gap.
    Keywords: NSA, Echelon, GCHQ, F83, Magnum, Mentor, P415, STEEPLEBUSH






More information about the Snort-users mailing list