[Snort-users] MISC same SRC/DST from broadcast ..

Dushyanth Harinath dushy at ...3222...
Fri Sep 28 03:53:02 EDT 2001


Hi,

Iam getting this alerts involving broadcast addresses.How can i find out
why this is triggerd.Does this happen if someone pings to the broadcast
address ?.

Generated by ACID v0.9.6b15 on Fri September 28, 2001 16:05:21

------------------------------------------------------------------------------#(1 - 13531) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13532) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13533) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13534) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13535) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13536) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13537) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13538) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13539) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none
------------------------------------------------------------------------------#(1 - 13540) [2001-09-27 16:21:07]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
hlen=5 TOS=24 dlen=28 ID=242 flags=0 offset=0 TTL=48 chksum=35288
ICMP: type=Echo Request code=0
checksum=63240 id=242 seq=5
Payload: none

regards
dushyanth

--
First they ignore you,            | Dushyanth Harinath
then they laugh at you,           | Programmer/SysAdmin
then they fight you,              | Archean Infotech
then you win.- Mahatma Gandhi     | http://www.archeanit.com
(possibly not talking about Linux)|



-----------------------------------------
This email was sent using SquirrelMail.
   "Webmail for nuts!"
http://squirrelmail.org/






More information about the Snort-users mailing list