[Snort-users] ICMP DB Issues

Joshua Berry jberry at ...11848...
Tue Jul 20 11:05:03 EDT 2004


I have had an issue for some time where I will get alerts such as "DDOS
- TFN client command LE" which revolves around the ICMP ID, ICMP
Sequence, and Type.  However, the ICMP ID and Sequence is NEVER entered
into the database, just the Type and Code.  Has anyone else noticed
this?

 
Josh Berry, CISSP & MCSE 
Information Security
214-765-1296
 
-------------------------------------------------------------------- 
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
     -- (Former) White House Cybersecurity adviser Richard Clarke 





More information about the Snort-users mailing list