[Snort-users] Portscan with ICMP?

Edin Dizdarevic edin.dizdarevic at ...7509...
Tue Apr 15 02:32:02 EDT 2003


Hello all,

is anybody else getting alerts from portscan2 with ICMP?

What does it mean? The number of ICMP packets exceeding the threshold?

Nice feature to detect $flooding... ;)

Regards,

Edin

Generated by ACID v0.9.6b23 on Tue, 15 Apr 2003 11:26:51 +0200

------------------------------------------------------------------------------
#(1 - 5) [2003-04-09 15:29:44] [snort/1]  (spp_portscan2) Portscan detected from xxx.xxx.xxx.xxx: 4 targets 6 ports in 0 seconds
IPv4: xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
       hlen=5 TOS=0 dlen=84 ID=0 flags=0 offset=0 TTL=63 chksum=52602
ICMP: type=Echo Request code=0
       checksum=60966 id= seq=
Payload: ...>_g.......................... !"#$%&\'()*+,-./01


(Snort 1.9.1 on Linux)

-- 
Edin Dizdarevic




