[Snort-users] Sid 466

Semerjian, Ohanes ohanes.semerjian at ...8907...
Thu May 1 05:41:02 EDT 2003


Capture the traffic from and to that PC and check the type of the ICMP
packet (as there are different types of ICMP) that should help you know what
is actually going on.

Best Regards

Ohanes Semerjian
-----Original Message-----
From: David Powell [mailto:dpowell at ...8963...]
Sent: Thursday, 1 May 2003 3:22 AM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Sid 466
Importance: High


OK, we're fine-tuning Snort here.

I'm looking at my top 5 alerts in Acid Console.  Second on my list is sid
466.  I investigated one of the PCs that is being reported as generating
this alert.  I found nothing, and the user says he's not doing any ICMP to
any devices. Plus, if I do a ping it doesn't generate this sid 466.  I'm pretty
sure this is a false positive.  Looking for suggestions as to whether I
should go ahead and turn off the rule or leave it in?


Dave Powell - Network Analyst
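
Added example (not part of the original thread): Python for the check suggested in the reply, tallying ICMP type, code and leading payload bytes per peer for one host, given raw IPv4 packets. The addresses, sample packets and function names are constructed for illustration; code and payload are reported because Snort ICMP rules can match on them as well as on type.

```python
import socket
import struct
from collections import Counter

# Names for common ICMP types (RFC 792); anything else is shown by number.
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 5: "redirect",
              8: "echo-request", 11: "time-exceeded"}

def parse_icmp(packet: bytes):
    """Return (src, dst, type, code, payload) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4   # IP options move the ICMP header, so honour IHL
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                # later fragment: carries no ICMP header
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return src, dst, packet[ihl], packet[ihl + 1], packet[ihl + 8:]

def summarize(packets, host):
    """Count (direction, peer, type, code, first 16 payload bytes) for one host."""
    counts = Counter()
    for pkt in packets:
        rec = parse_icmp(pkt)
        if rec is None or host not in rec[:2]:
            continue
        src, dst, itype, icode, payload = rec
        direction, peer = ("out", dst) if src == host else ("in", src)
        name = ICMP_TYPES.get(itype, f"type-{itype}")
        counts[(direction, peer, name, icode, payload[:16])] += 1
    return counts

def build(src, dst, itype, icode, payload=b"", options=b""):
    """Build a constructed sample packet (checksums left as zero)."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 8 + len(payload),
                     0, 0, 64, 1, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + options + struct.pack("!BBHHH", itype, icode, 0, 1, 1) + payload

# Constructed traffic; 10.0.0.5 stands in for the PC named in the alert.
SAMPLE = [
    build("10.0.0.5", "10.0.0.1", 8, 0, b"abcdefghijklmnop"),
    build("10.0.0.5", "10.0.0.1", 8, 0, b"abcdefghijklmnop"),
    build("10.0.0.1", "10.0.0.5", 0, 0, b"abcdefghijklmnop"),
    build("10.0.0.9", "10.0.0.5", 3, 3, options=b"\x01\x01\x01\x00"),
    build("10.0.0.7", "10.0.0.1", 8, 0, b"unrelated host"),
]
```

Call `summarize(SAMPLE, "10.0.0.5")` to get the per-peer counts. Packets must start at the IPv4 header, so strip the link-layer header from captured frames first.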


