[Snort-users] MISC Large ICMP Packet

Aaron McKinnon aaron at ...1376...
Thu Apr 5 13:41:05 EDT 2001

Getting lots of these:

[**] MISC Large ICMP Packet [**]
04/04-10:08:22.879950 ->
ICMP TTL:245 TOS:0x0 ID:14913 IpLen:20 DgmLen:1500 DF
Type:8  Code:0  ID:39612   Seq:57072  ECHO

This machine is a web server. As best I can tell from some research this is
nothing to worry about. Does anyone see a reason why I shouldn't disable
this rule?

Aaron McKinnon
System Administrator
Fullerene Productions, Inc.
3250 Wilshire Blvd. Suite 2000
Los Angeles, CA 90010

More information about the Snort-users mailing list