[Snort-users] ICMP PING Windows

RAMALINGA Reddy Rgreddy1 at ...4101...
Tue Nov 20 00:30:02 EST 2001


Hi,
	We are using snort on a linux box. There is one machine A which is
trying an "ICMP PING Windows" on machine B. The number of times it attempted
such a ping was 2450 in a span of 24 hours. The snort rule corresponding to
this is checking for the following string in the content.
content: "|61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70|"
I suspect it to be a virus attack. Can anyone help ?

thanks,
Rali





More information about the Snort-users mailing list