[Snort-users] CyberKit 2.2 Ping, its driven me Nuts..

lindsay.hunt at ...9446... lindsay.hunt at ...9446...
Tue Dec 30 07:55:19 EST 2003


I have found this rule to be extremely valuable in terms of finding
infected hosts. Yes, it is difficult to track down all of the cyberkit
alerts, but the trade off is much worse; an infected network. Our network
permformance was severely affected when the Nachi/Welchia worm was
released. The cyberkit rule (in addition to firewall logs) helped us
identify the infected machines so that they could be removed from the
network and cleaned. I don't really want hundreds of thousands of pings
traversing our network looking for machines to compromise.

regards,

Lindsay Hunt
Network Engineer
Alstom Power
phone 804-763-7239
mobile 804-334-1682
fax 804-763-7107


                                                                                                                                                
                      Roberto Suarez Soto                                                                                                       
                      <robe at ...3881...>                 To: snort-users at lists.sourceforge.net                                                   
                                                        cc:                                                                                     
                      Sent by:                          Subject:  Re: [Snort-users] CyberKit 2.2 Ping, its driven me Nuts..                     
                      snort-users-admin at ...4626...                                                                                              
                      ceforge.net                                                                                                               
                                                                                                                                                
                                                                                                                                                
                      12/29/2003 11:13 AM                                                                                                       
                                                                                                                                                
                                                                                                                                                




On Dec/29, Chris N wrote:

> Ok, I have had enough of this "CyberKit 2.2 Ping." How are some of you
guys
> dealing with it? Do you just ignore(pass), log every one, or go and try
to
> shut the offending hosts down? Although, trying to shutdown all the
> offending host could be a daunting task, since there are so dam many.

             I just switched that rule off. I couldn't bear it anymore O:-)

--
Roberto Suarez Soto
 Alfa21 Outsourcing
    robe at ...3881...
http://www.alfa21.com


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




CONFIDENTIALITY : This e-mail and any attachments are confidential and may
be privileged. If you are not a named recipient, please notify the sender
immediately and do not disclose the contents to another person, use it for
any purpose or store or copy the information in any medium.






More information about the Snort-users mailing list