[Snort-users] small ?

SRH-Lists giermo at ...8381...
Mon Nov 24 11:19:07 EST 2003


> 
> when I run Snort -D and I tail -f my log file I get a bunch of
> alerts like this
> [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**]
> [Classification: Misc activity] [Priority: 3]
> 11/18-09:58:36.586829 my.ip -> y.y.y.y
> ICMP TTL:127 TOS:0x0 ID:4826 IpLen:20 DgmLen:92
> Type:8  Code:0  ID:512   Seq:60000  ECHO
> [Xref => http://www.whitehats.com/info/IDS154]
> 
> so my question is why?

The answer is Nachi/Welchia.

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100559
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

-steve
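
Added example, not part of the original message: a small parser for alert blocks in the format quoted above that tallies, per source address, how many distinct hosts triggered sid 483, so machines that need checking for the worm stand out. The function names, the min_targets threshold and the sample addresses are assumptions made for illustration, as is treating one source pinging many distinct hosts as the thing to look for.

```python
import re
from collections import defaultdict

# Header line of a Snort full-mode alert: [**] [gid:sid:rev] message [**]
HEADER = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")
# Packet line: MM/DD-HH:MM:SS.usec src -> dst (ICMP alerts carry no ports)
PACKET = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+->\s+(\S+)")

def parse_alerts(text):
    """Yield (sid, msg, timestamp, src, dst) for each alert block in text."""
    current = None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER.search(line)
        if h:
            current = (int(h.group(2)), h.group(4))
            continue
        p = PACKET.match(line)
        if p and current:
            yield current[0], current[1], p.group(1), p.group(2), p.group(3)
            current = None  # ignore the remaining lines of this block

def sweeping_sources(text, sid=483, min_targets=3):
    """Return {src: distinct destination count} for sources at or above min_targets."""
    targets = defaultdict(set)
    for alert_sid, _msg, _ts, src, dst in parse_alerts(text):
        if alert_sid == sid:
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

# Constructed sample built from documentation addresses (RFC 5737), not real log data.
def _alert(ts, src, dst, sid=483, msg="ICMP PING CyberKit 2.2 Windows"):
    return (f"[**] [1:{sid}:2] {msg} [**]\n"
            "[Classification: Misc activity] [Priority: 3]\n"
            f"{ts} {src} -> {dst}\n"
            "ICMP TTL:127 TOS:0x0 ID:4826 IpLen:20 DgmLen:92\n"
            "Type:8  Code:0  ID:512   Seq:60000  ECHO\n\n")

SAMPLE = "".join([
    _alert("11/18-09:58:36.586829", "192.0.2.10", "198.51.100.1"),
    _alert("11/18-09:58:36.601200", "192.0.2.10", "198.51.100.2"),
    _alert("11/18-09:58:36.615877", "192.0.2.10", "198.51.100.3"),
    _alert("11/18-09:58:36.630011", "192.0.2.10", "198.51.100.3"),  # repeat target
    _alert("11/18-10:02:11.000100", "192.0.2.77", "198.51.100.9"),
    _alert("11/18-10:03:00.500000", "192.0.2.77", "198.51.100.8",
           sid=1000001, msg="constructed local rule"),  # other sid, not counted
])

if __name__ == "__main__":
    for src, n in sweeping_sources(SAMPLE).items():
        print(f"{src} pinged {n} distinct hosts (sid 483)")
```

To run it on a real alert file, pass the file's contents to sweeping_sources() in place of SAMPLE.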



