[Snort-users] nmap TCP ping

Jan Muenther jan at ...206...
Fri Aug 25 07:49:57 EDT 2000


Hmm...
I found these in my logs. 

[**] ICMP Destination Unreachable [**]
08/25-12:51:53.239562 xx.xxx.xxx.xxx -> 195.54.105.6
ICMP TTL:64 TOS:0xC0 ID:4462 
DESTINATION UNREACHABLE: PORT UNREACHABLE

[**] IDS028 - PING NMAP TCP [**]
08/25-12:51:53.245934 195.54.105.6:80 -> xx.xxx.xxx.xxx:2347
TCP TTL:38 TOS:0x0 ID:10650 
******A* Seq: 0x362   Ack: 0x0   Win: 0x578

Am I right in guessing these two _together_ make a typical nmap
-sP ping thing (snort-wise)?


More information about the Snort-users mailing list