[Snort-users] Kontiki Download Manager caused NMAP Ping alerts
jeffrey.arey at ...9295...
Sun Jun 1 16:11:34 EDT 2003
Two of our LAN users downloaded (or so they say) a Kontiki download manger,
with optional relay agents. I noticed about 5 64-byte ICMP PING packets
every 5 seconds at the top of each minute!!! One user generated 20,000
packets since last evening. I found the two users, both in the same cube-
and they remembered downloading this program from CNET or similar. Anyway,
when we killed the Kontiki program from the taskbar, the NMAP ping alerts
ceased. It probably was a config issue on the users part, but it woke me up
with all of the NMAP alerts. Good job Snort!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users