[Snort-users] Snort rule regarding L3Retriever Ping
bmc at ...950...
Wed Mar 20 08:30:03 EST 2002
According to Ashley Thomas:
> There was a question regarding the below rule: (but didnt find any
> alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP L3retriever Ping";
> content: "ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI"; itype: 8; icode: 0; depth: 32;
> reference:arachnids,311; classtype:attempted-recon; sid:466; rev:1;)
> Is there any particular reason for this alert ??
Yeap, someone was using this tool to scan your network.
To ME, this isn't that important, but others may find it important to
More information about the Snort-users