[Snort-users] small ?

tomb at ...10629... tomb at ...10629...
Thu Nov 27 09:01:04 EST 2003


thk y'all i found my problem i had a couple virus on my windows box
thk agin
Tom





> We get these from the Welchia Virus.  It performs ping scans that happen
> to match this CyberKit rule.
>
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
> tomb at ...10629...
> Sent: Monday, November 24, 2003 11:32 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] small ?
>
>
> when i run Snort -D and i tail -f my log file  i get a bunch of
> alert like this
> [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**]
> [Classification: Misc activity] [Priority: 3]
> 11/18-09:58:36.586829 my.ip -> y.y.y.y
> ICMP TTL:127 TOS:0x0 ID:4826 IpLen:20 DgmLen:92
> Type:8  Code:0  ID:512   Seq:60000  ECHO
> [Xref => http://www.whitehats.com/info/IDS154]
>
> so my question is why?\
>
> THK
> Tom
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list
>





More information about the Snort-users mailing list