[Snort-users] large, empty ICMP?

Robert L. Yelvington rly at ...579...
Tue Jan 30 23:45:19 EST 2001


I am running RH 6.2 w/snort 1.6.3, perhaps with an old rule set... but I
just recently noticed these in my logs:

01/19-16:50:11.755231 OTHERHOST -> MYHOST
ICMP TTL:243 TOS:0x0 ID:48088  DF
ID:0   Seq:0  ECHO
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
...etc, etc.


Does this mean that my rules may have broken something? Or is something broken?

I read recently that snort 1.7 is still having some issues on RH.

Has anyone had any problems running 1.6.3 w/snortfull.conf?

Would appreciate some "light" on this.

Thanks!!

-robt



