[Snort-users] Speedera Alerts

Kevin L Pawloski kpawloski at ...5338...
Mon Mar 25 10:21:08 EST 2002


My Snort logs are being flooded with Speedera Alerts. This is to be
expected since they are pinging one of my DNS servers =) Except for some
reason the rule I am using is not filtering out any of their packets.
Here is what I have in my icmp rules and a sample packet.

alert ICMP any any -> any any (msg:"PING Speedera"; content: "|3839 3A3B 3C3D 3E3F|"; itype: 8; )

08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ...............
18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?

Any ideas?

Thanks!

Kevin
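
An added example, not part of the original post: a Python check that decodes the rule's content option the way Snort reads it (bytes between pipes are hex, spaces inside the pipes are ignored) and searches the posted payload dump for the result. The function names are illustrative; the rule string and dump are copied from the message above.

```python
import re

# Content option and payload dump copied from the post above.
RULE_CONTENT = "|3839 3A3B 3C3D 3E3F|"
HEX_DUMP = """\
08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17   ...............
18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27   ........ !"#$%&'
28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37   ()*+,-./01234567
38 39 3A 3B 3C 3D 3E 3F                           89:;<=>?
"""

def parse_content(pattern):
    """Turn a Snort content string into the bytes it matches.

    Text outside pipes is literal; text between a pair of pipes is hex,
    with whitespace between the digits ignored.
    """
    if pattern.count("|") % 2:
        raise ValueError("unbalanced '|' in content pattern")
    out = bytearray()
    for i, chunk in enumerate(pattern.split("|")):
        if i % 2:                       # odd chunks sit between pipes
            out += bytes.fromhex(chunk)  # raises on odd digit count
        else:
            out += chunk.encode("latin-1")
    return bytes(out)

def parse_hexdump(dump):
    """Rebuild payload bytes from the hex column of a dump.

    The ASCII column is dropped by cutting each line at the first run of
    two or more spaces, so printable characters are never read as hex.
    """
    payload = bytearray()
    for line in dump.splitlines():
        hex_col = re.split(r"\s{2,}", line.strip(), maxsplit=1)[0]
        if hex_col:
            payload += bytes.fromhex(hex_col)
    return bytes(payload)

def match_offset(pattern, dump):
    """Offset of the content pattern in the dumped payload, or -1."""
    return parse_hexdump(dump).find(parse_content(pattern))

if __name__ == "__main__":
    print(match_offset(RULE_CONTENT, HEX_DUMP))  # -> 48
```
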
