[Snort-users] Large ICMP packets

Fernando Cardoso fernando at ...498...
Mon Oct 2 05:55:47 EDT 2000


I did some homework on this since I'm getting some ICMP Large Packets alarms
also. I did some OS fingerprinting on some hosts that deployed the alert and
the response was all the same: AIX on an IBM RS/*.


Fernando Cardoso			Phone:	+351 21 7982186
Network Administrator		Fax:		+351 21 7982185
National Library			E-mail:	fernando at ...498...
Portugal				PGP ID:	28551CB8 

> Jess,
> The only originating OS I know who might do that is HP-UX 10.30, and 11.0x.
> But this is only if you are communicating with that system with ICMP.
> After sending ICMP ECHO Request series to an HPUX 11.0 box I had the first
> reply pretty normal but then ...
