[Snort-users] icmp L3 Retriever Ping

JC Rodz nyjcr at ...125...
Thu Feb 7 06:40:05 EST 2002


Hi,

Does anyone know what does Signature "ICMP L3retriever Ping" means.
It looks like a regular ping, I'm not user whay is coming up. I received 336 
instances within a 4 hour period.
all from the same source and the same destination.

Whitehats has it classified as ids311, But of course they still down...

Here it is
[**] ICMP L3retriever Ping [**]
02/06-12:36:51.327116 (Internal IP) -> (Internal IP)
ICMP TTL:30 TOS:0x0 ID:9359 IpLen:20 DgmLen:60
Type:8  Code:0  ID:2   Seq:310  ECHO
41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50  ABCDEFGHIJKLMNOP
51 52 53 54 55 56 57 41 42 43 44 45 46 47 48 49  QRSTUVWABCDEFGHI

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Thank you,
JC..

_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com





More information about the Snort-users mailing list