[Snort-users] MISC Large ICMP Packet

Ofir Arkin ofir at ...949...
Mon Apr 9 20:44:20 EDT 2001

Probably what you are seeing is Path MTU discovery using ICMP Echo Requests
(common with HPUX 11.x, AIX 4.3.x).

You can search the archives to learn more, or
You can read page 47 in my paper "ICMP Usage In Scanning" v2.5 available
from http://www.sys-security.com, explaining it with example from an HPUX
11.x machine.

Hope this helps

Ofir Arkin
ofir at ...949...
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

More information about the Snort-users mailing list