[Snort-users] 13 instances of ping bsd

jess at ...521... jess at ...521...
Tue Nov 28 06:53:51 EST 2000

	Hi, Mark.

	The fact that you receive 13 packets from different IPs at the
same time is a quite clear proof that you have been scanned by someone who
does not want you to know his real address. He is hiding it under 12
(probably valid) other addresses. This is known as "decoy" and many tools,
including nmap, are capable of doing it.

	The fact that they have the same MAC address is quite normal. What
you are seing there is most probably de MAC address of your most
internal router.

	By the way, I'm seing a lot of those scans lately.



More information about the Snort-users mailing list