[Snort-users] 13 instances of ping bsd
mark.rowlands at ...752...
Tue Nov 28 07:51:08 EST 2000
On Tuesday 28 November 2000 12:53, jess at ...521... wrote:
> Hi, Mark.
> The fact that you receive 13 packets from different IPs at the
> same time is a quite clear proof that you have been scanned by someone who
> does not want you to know his real address. He is hiding it under 12
> (probably valid) other addresses. This is known as "decoy" and many tools,
> including nmap, are capable of doing it.
> The fact that they have the same MAC address is quite normal. What
> you are seing there is most probably de MAC address of your most
> internal router.
> By the way, I'm seing a lot of those scans lately.
yes, i appreciate that, but what information, other than the presence of a
live host at this ip , can be gleaned from this information, also seems
counter productive, one ping I would have not even have bothered, but now my
curiosity has been aroused....
More information about the Snort-users