[Snort-users] Large ICMP packets
fernando at ...498...
Mon Oct 2 05:55:47 EDT 2000
I did some homework on this since I'm getting some ICMP Large Packets alarms
also. I did some OS fingerprinting on some hosts that deployed the alert and
the response was all the same: AIX 220.127.116.11-18.104.22.168 on an IBM RS/*.
Fernando Cardoso Phone: +351 21 7982186
Network Administrator Fax: +351 21 7982185
National Library E-mail: fernando at ...498...
Portugal PGP ID: 28551CB8
> The only originating OS I know that might do that is HP-UX
> 10.30, and 11.0x.
> But this is only if you are communicating with that system with ICMP.
> After sending ICMP ECHO Request series to an HPUX 11.0 box I had the first
> reply pretty normal but then ...