[Snort-users] MISC Large ICMP Packet

Fyodor fygrave at ...121...
Fri Apr 6 13:58:31 EDT 2001

On Fri, Apr 06, 2001 at 09:32:46AM +0100, Fernando Cardoso wrote:
> Suspicious, but probably benign. I would add to your list MTU discovery by
> HP/UX and AIX boxes. Possibly the Brearley box you saw in your logs would be
> one of this systems. As I remember, the payload would be all zeros.

Automagic MTU discovery is broken on HP/UX 10.x and AIX (know how to figure out interface's MTU there? :)), we just use 1500 as default there ..

More information about the Snort-users mailing list