[Snort-users] Strange Snort Warning: Hello, is anybody home?

Sandy Biring sbiring at ...6789...
Wed Sep 4 15:43:01 EDT 2002


Snort newbie here ....

I saw this alert in ACID today (9 packets in total): 

Source Addr: 255.255.255.255 Dest Addr: 10.0.4.8 Type: (0) Echo Reply
Code: (0) 0 Checksum: 1276
Payload: 

length = 24

000 : 48 65 6C 6C 6F 2C 20 69 73 20 61 6E 79 62 6F 64   Hello, is anybod
010 : 79 20 68 6F 6D 65 3F 00                           y home?.



Another alert shows the same payload, but 10.0.4.8 as the source and the
destination! (it is a Win2k server)


Can anyone tell me what this is, and if its anything to worry about???








More information about the Snort-users mailing list