[Snort-users] ICMP PING CyberKit 2.2 rule falsing on "PingPlotter"

K Anderson freebsduser at ...5068...
Tue Aug 26 18:05:11 EDT 2003


James R. Hendrick wrote:
> Hi,
> 	I thought someone was really zeroing in on my home system, but it was just me...
> 
> Seems that the default payload for PingPlotter (www.pingplotter.com) is all "AAAAAAA"s
> 
> Fortunately, you can change it.
> 
> Just thought I'd pass this along. Sometimes I run it from work to monitor systems, etc. 
> 
> Later,
> 
> Jim Hendrick
Lucky you.

I'm up to 10K Cyberkit 2.2's in a 24 hour period. According to ACID. I 
have my firewall just denying them. Really nutso here.





More information about the Snort-users mailing list