[Snort-users] Portscan with ICMP?
Edin Dizdarevic
edin.dizdarevic at ...7509...
Tue Apr 15 02:32:02 EDT 2003
Hello all,
Is anybody else getting alerts from portscan2 with ICMP?
What does it mean? The number of ICMP packets exceeding the threshold?
Nice feature to detect $flooding... ;)
Regards,
Edin
Generated by ACID v0.9.6b23 on Tue, 15 Apr 2003 11:26:51 +0200
------------------------------------------------------------------------------
#(1 - 5) [2003-04-09 15:29:44] [snort/1] (spp_portscan2) Portscan
detected from xxx.xxx.xxx.xxx: 4 targets 6 ports in 0 seconds
IPv4: xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
hlen=5 TOS=0 dlen=84 ID=0 flags=0 offset=0 TTL=63 chksum=52602
ICMP: type=Echo Request code=0
checksum=60966 id= seq=
Payload: ...>_g.......................... !"#$%&\'()*+,-./01
(Snort 1.9.1 on Linux)
--
Edin Dizdarevic