[Snort-users] CyberKit 2.2 Ping, it's driven me Nuts..

dlbox at ...5068...
Mon Dec 29 09:39:02 EST 2003


Why is this rule called CyberKit 2.2 Ping then? Do both the Nachi worm and the CyberKit Ping generate packets that look exactly the same? Should the name of the rule be changed?

The average person who sees these alerts is going to ignore or disable the rule, NOT search through Snort-Users to find out it's Nachi and that they should not disable it.




> Hi,
> 
> They are just signs of Nachi & co. I think it's not good to disable the rule, 
> as closing your eyes does not solve troubles, but you could ignore all alerts 
> coming from external sources... write a nice script or something like that 
> that filters out all external hosts triggering that rule. It's perhaps nice 
> to keep the data anyway to generate statistics :-)
> 
> Greetings,
> Erwin Van de Velde
> Student of Antwerp University 
> Belgium
> 
> 
> On Monday 29 December 2003 19:51, Chris N wrote:
> > Fellow Snorters,
> >
> > Ok, I have had enough of this "CyberKit 2.2 Ping." How are some of you guys
> > dealing with it? Do you just ignore (pass), log every one, or go and try to
> > shut the offending hosts down? Although, trying to shut down all the
> > offending hosts could be a daunting task, since there are so damn many.
> >
> > Chris
> >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
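The filtering suggested in the quoted reply above, as an added example that is not part of the original thread: it drops "CyberKit 2.2" alerts whose source is outside the protected network, keeps a per-source count of what was dropped for statistics, and leaves alerts from internal sources and from other rules visible. The `HOME_NET` range, the function name and the sample alert lines are assumptions constructed for illustration; the parser expects Snort's one-line "fast" alert format.

```python
import ipaddress
import re
from collections import Counter

# Assumed protected range; set this to your own HOME_NET.
HOME_NET = ipaddress.ip_network("192.168.0.0/16")
RULE_TEXT = "CyberKit 2.2"  # matched against the alert message text

# Fast alert line: time [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+[\d.]+"
)

# Constructed sample alerts (documentation addresses, not real traffic).
SAMPLE = """\
12/29-19:40:01.100000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.168.1.10
12/29-19:40:02.200000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.168.1.11
12/29-19:40:03.300000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.44 -> 192.168.1.12
12/29-19:40:04.400000  [**] [1:1000001:1] EXAMPLE other local rule [**] [Priority: 2] {TCP} 198.51.100.9:4321 -> 192.168.1.10:80
12/29-19:40:05.500000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.20 -> 192.168.1.10
"""


def triage(lines):
    """Return (alerts to keep, Counter of suppressed external sources)."""
    keep, external = [], Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or RULE_TEXT not in m.group("msg"):
            keep.append(line)  # other rules and unparsed lines pass through
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            keep.append(line)  # malformed address: do not hide it
            continue
        if src in HOME_NET:
            keep.append(line)  # internal source stays visible
        else:
            external[str(src)] += 1  # suppressed, but counted for statistics
    return keep, external


if __name__ == "__main__":
    kept, stats = triage(SAMPLE.splitlines())
    print("\n".join(kept))
    for host, count in stats.most_common():
        print(f"suppressed {count:3d} external alert(s) from {host}")
```
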