[Snort-users] FYI - Possible cause for false positive - ICMP L3retriever Ping
cmg at ...1935...
Thu Jun 13 05:19:01 EDT 2002
Michael Gargiullo <gargiullo at ...5068...> writes:
> FYI - One cause for false positives with :
> alert : ICMP L3retriever Ping
>>From inside an ipchains firewall on a win2k server. I used M$ SQL
> Server Enterprise Manager to connect to an external SQL Server.
Could you reproduce the full connection handshake for us? I would
like to see how this acts.
If you are concerned about sensitve information being sent to a public
mailing list, please send me pcap formatted dumps
Chris Green <cmg at ...1935...>
"I'm beginning to think that my router may be confused."
More information about the Snort-users