[Snort-users] Large ICMP packets

Fernando Cardoso fernando at ...498...
Mon Oct 2 05:55:47 EDT 2000


Hi

I did some homework on this since I'm getting some ICMP Large Packets alarms
also. I did some OS fingerprinting on some hosts that deployed the alert and
the response was all the same: AIX 4.3.2.0-4.3.3.0 on an IBM RS/*.

Fernando 


_________________________________________________________
Fernando Cardoso			Phone:	+351 21 7982186
Network Administrator		Fax:		+351 21 7982185
National Library			E-mail:	fernando at ...498...
Portugal				PGP ID:	28551CB8 


> Jess,
> 
> The only originating OS I know who might do that is HP-UX 10.30, and 11.0x.
> But this is only if you are communicating with that system with ICMP.
> 
> After sending ICMP ECHO Request series to an HPUX 11.0 box I had the first
> reply pretty normal but then ...
> 
[...]


