[Snort-users] Do I have a problem?

KEITH KOOYMAN pcsolutions101 at ...125...
Sun Aug 25 14:47:02 EDT 2002

I installed a SNORT box a few weeks ago and now I am getting some strange 
entries in my logs.  The log entry goes like this:

ICMP Nmap2.36BETA or HPING2 Echo [Classification: Attempted Information 
Leak] [Priority: 3]: {ICMP} ipaddress -> ipaddress

I go to the machines that are the source (first ip) and search the registry 
for nmap and it is there, on some machines.  No one is logged onto most of 
the machines when the event occurrs (I am certain of this).  I have seen 
this about 5-6 times since Fri night and can't determine if I am being 
scanned or not.

Does anyone have any ideas?  Does nmap leave any traces on a windows box 
that can be found/removed?

Any info would be appreciated.


Send and receive Hotmail on your mobile device: http://mobile.msn.com

More information about the Snort-users mailing list