[Snort-users] 13 instances of ping bsd

Mark Rowlands mark.rowlands at ...752...
Tue Nov 28 07:51:08 EST 2000


On Tuesday 28 November 2000 12:53, jess at ...521... wrote:
> Hi, Mark.
>
> 	The fact that you receive 13 packets from different IPs at the
> same time is a quite clear proof that you have been scanned by someone who
> does not want you to know his real address. He is hiding it under 12
> (probably valid) other addresses. This is known as "decoy" and many tools,
> including nmap, are capable of doing it.
>
> 	The fact that they have the same MAC address is quite normal. What
> you are seing there is most probably de MAC address of your most
> internal router.
>
> 	By the way, I'm seing a lot of those scans lately.
>
> 	Cheers,
>
yes, i appreciate that, but what information, other than the presence of a 
live host at this ip , can be gleaned from this information, also seems 
counter productive, one ping I would have not even have bothered, but now my 
curiosity has been aroused....



More information about the Snort-users mailing list