[Snort-users] ICMP Ping NMAP troubleshooting

Stephen W. Thomas swthomas at ...9227...
Tue May 20 06:09:13 EDT 2003

I've just setup a snort & acid setup on our company network. I've noticed a lot of ICMP Ping NMAP hits coming from our servers and going to our W2K DNS/Terminal server. I'd like to find out if this is normal or what is generating the pings but I'm not sure how to track a packet with no payload back to it's source program. Also, if it's normal for my network, then what do most people recommend?
A. Ignore the thousands of hits it gets
B. Disable that one rule for the one destination.
Any comments would be appreciated.

More information about the Snort-users mailing list