[Snort-users] ICMP PING CyberKit 2.2 rule falsing on "PingPlotter"
freebsduser at ...5068...
Tue Aug 26 18:05:11 EDT 2003
James R. Hendrick wrote:
> I thought someone was really zeroing in on my home system, but it was just me...
> Seems that the default payload for PingPlotter (www.pingplotter.com) is all "AAAAAAA"s
> Fortunately, you can change it.
> Just thought I'd pass this along. Sometimes I run it from work to monitor systems, etc.
> Jim Hendrick
I'm up to 10K Cyberkit 2.2's in a 24 hour period. According to ACID. I
have my firewall just denying them. Really nutso here.
More information about the Snort-users