[Snort-users] ICMP Ping NMAP troubleshooting

Simon Gray simong at ...8637...
Tue May 20 06:53:24 EDT 2003


Are you running any form of server checking software?

Some of those tend to use pings to check if a host is up.

Could you not filter out external -> internal pings via a firewall?
----- Original Message ----- 
From: "Stephen W. Thomas" <swthomas at ...9227...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, May 20, 2003 2:08 PM
Subject: [Snort-users] ICMP Ping NMAP troubleshooting


> I've just set up a snort & acid setup on our company network. I've noticed
> a lot of ICMP Ping NMAP hits coming from our servers and going to our W2K
> DNS/Terminal server. I'd like to find out if this is normal or what is
> generating the pings but I'm not sure how to track a packet with no payload
> back to its source program. Also, if it's normal for my network, then what
> do most people recommend?
>
> A. Ignore the thousands of hits it gets
> B. Disable that one rule for the one destination.
>
> Any comments would be appreciated.
>
> Thanks,
> Steve




