[Snort-users] icmp: is this real?

John Sage jsage at ...2022...
Sun Mar 31 21:49:01 EST 2002


Chris:

On Sun, Mar 31, 2002 at 10:31:44PM -0500, Chris Green wrote:
> John Sage <jsage at ...2022...> writes:
> 
> > Is this a _real_ icmp packet, or a ghost in the machine?
> >
> > Ths was in a portscan I got around midnight 03/30/02. It is in
> > sequence with the IP ID ahead of it, and after..
> >
> > And it _didn't_ have the  Type: Code: ID: Seq:  data line as all other
> > packets usually do..
> >
> > The DgmLen: is clearly bogus, unless snort is on crack..
> >
> > Oh yeah, snort 1.8.2 build 86, running on Linux 2.2.14.
> 
> Please upgrade to snort-stable off the downloads page on
> www.snort.org.  That was fixed post 1.8.3


I'll take that as meaning the correct answer was:

b) a ghost in the machine

Thnx...

- John
-- 
In those days, you could not buy a $2000 200MHz Pentium server.




More information about the Snort-users mailing list