[Snort-users] ICMP alerts
jan at ...206...
Mon Sep 11 08:54:38 EDT 2000
I need some advice.
I repeatedly receive two subsequent ICMP packets from one host.
One is a large ECHO packet, the other one is an ICMP source
The frequency is not quite high enough to consider this a
DoS-attack... even my 128kbps-line can deal with these two every
few hours... ;o))

[**] IDS246 - MISC - Large ICMP Packet [**]
09/09-07:01:52.042189 126.96.36.199 -> xx.xxx.x.xxx
ICMP TTL:241 TOS:0x0 ID:41985 DF
ID:48282 Seq:61662 ECHO

[**] ICMP Source Quench [**]
09/09-07:01:52.216006 188.8.131.52 -> xx.xxx.x.xxx
ICMP TTL:241 TOS:0x0 ID:41987 DF

Still, I ask myself what this may be. The IP obviously belongs to
a webserver from the Brandenburg government. An email has remained
unanswered so far.
Any clues as to what this might be? Is someone trying to DoS them
and spoofing our address...??
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther at ...206...
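
The following is an added example, not part of the original message or of Snort itself: it parses alert blocks in the layout quoted above and reports each Large ICMP Packet alert that is followed within one second by a Source Quench alert for the same source and destination. The function names, the one-second window and the sample addresses are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the post's alert layout (documentation-range addresses).
SAMPLE = """\
[**] IDS246 - MISC - Large ICMP Packet [**]
09/09-07:01:52.042189 192.0.2.10 -> 198.51.100.7
ICMP TTL:241 TOS:0x0 ID:41985 DF
ID:48282 Seq:61662 ECHO
[**] ICMP Source Quench [**]
09/09-07:01:52.216006 192.0.2.10 -> 198.51.100.7
ICMP TTL:241 TOS:0x0 ID:41987 DF
[**] ICMP Source Quench [**]
09/09-11:30:00.000000 192.0.2.99 -> 198.51.100.7
ICMP TTL:52 TOS:0x0 ID:100 DF
"""

HEADER = re.compile(r"^\[\*\*\]\s*(.+?)\s*\[\*\*\]$")
ADDR = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+->\s+(\S+)$")

def parse_alerts(text, year=2000):
    """Return one dict per alert block; the log has no year, so pass one in."""
    alerts, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            cur = {"msg": m.group(1)}
            alerts.append(cur)
        elif cur is not None and (m := ADDR.match(line)):
            cur["time"] = datetime.strptime(f"{year}/{m.group(1)}",
                                            "%Y/%m/%d-%H:%M:%S.%f")
            cur["src"], cur["dst"] = m.group(2), m.group(3)
        elif cur is not None and (m := re.search(r"TTL:(\d+)", line)):
            cur["ttl"] = int(m.group(1))
    return [a for a in alerts if "time" in a]  # drop truncated blocks

def paired_alerts(alerts, first="Large ICMP Packet", second="Source Quench",
                  window=timedelta(seconds=1)):
    """Pairs of (first, second) alerts, same src/dst, at most `window` apart."""
    ordered = sorted(alerts, key=lambda a: a["time"])
    pairs = []
    for i, a in enumerate(ordered):
        if first not in a["msg"]:
            continue
        for b in ordered[i + 1:]:
            if b["time"] - a["time"] > window:
                break
            if second in b["msg"] and (b["src"], b["dst"]) == (a["src"], a["dst"]):
                pairs.append((a, b))
    return pairs
```

Comparing the `ttl` values of a reported pair shows whether both packets travelled a similar path, which is one input when judging whether the source address is genuine.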