[Snort-users] Kontiki Download Manager caused NMAP Ping alerts

Arey, Jeff jeffrey.arey at ...9295...
Sun Jun 1 16:11:34 EDT 2003


Two of  our LAN users downloaded (or so they say) a Kontiki download manger,
with optional relay agents.  I noticed about 5 64-byte ICMP PING packets
every 5 seconds at the top of each minute!!!  One user generated 20,000
packets since last evening.  I found the two users, both in the same cube-
and they remembered downloading this program from CNET or similar.  Anyway,
when we killed the Kontiki program from the taskbar, the NMAP ping alerts
ceased.  It probably was a config issue on the users part, but it woke me up
with all of the NMAP alerts.  Good job Snort!

 

Jeff Arey

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030601/80bf3513/attachment.html>


More information about the Snort-users mailing list