[Snort-users] ICMP DB Issues

sekure sekure at ...11827...
Tue Jul 20 11:27:20 EDT 2004


I am using barnyard to insert the unified logs into a remote database,
and whereas I don't normally see those particular types of alerts,
other ICMP alerts have the following information: icmp_type,
icmp_code, icmp_csum, icmp_id, icmp_seq.

Now whether or not they get displayed by your front end (ACID,
OpenAanval) is a whole different story.

On Tue, 20 Jul 2004 13:04:09 -0500, Joshua Berry <jberry at ...12157...> wrote:
> I have had an issue for some time where I will get alerts such as "DDOS
> - TFN client command LE" which revolves around the ICMP ID, ICMP
> Sequence, and Type.  However, the ICMP ID and Sequence are NEVER entered
> into the database, just the Type and Code.  Has anyone else noticed
> this?
> 
> Josh Berry, CISSP & MCSE
> Information Security
> 214-765-1296
> 
> --------------------------------------------------------------------
> If you spend more on coffee than on IT security, you will be hacked.
> What's more, you deserve to be hacked.
>     -- (Former) White House Cybersecurity adviser Richard Clarke
> 
>
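
Added example, not part of either message and not barnyard or ACID code: a check run against the database itself, to tell fields that were never stored apart from fields a front end does not display. It assumes the event, signature and icmphdr table and column names of the Snort database schema; SQLite stands in for the remote database and all rows are constructed.

```python
import sqlite3

# Reduced copy of the event, signature and icmphdr tables (assumed names).
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                    PRIMARY KEY (sid, cid));
CREATE TABLE icmphdr (sid INTEGER, cid INTEGER, icmp_type INTEGER,
                      icmp_code INTEGER, icmp_csum INTEGER,
                      icmp_id INTEGER, icmp_seq INTEGER,
                      PRIMARY KEY (sid, cid));
"""

# Per signature: ICMP events logged, and how many lack icmp_id or icmp_seq.
AUDIT_SQL = """
SELECT s.sig_name,
       COUNT(*) AS total,
       SUM(CASE WHEN i.icmp_id IS NULL OR i.icmp_seq IS NULL
                THEN 1 ELSE 0 END) AS missing
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN icmphdr i ON i.sid = e.sid AND i.cid = e.cid
GROUP BY s.sig_name
ORDER BY s.sig_name
"""

def audit_icmp_fields(conn):
    """Return [(sig_name, total_events, events_missing_id_or_seq), ...]."""
    return [tuple(row) for row in conn.execute(AUDIT_SQL)]

def build_sample_db():
    """In-memory database filled with constructed rows, not real alerts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO signature VALUES (?, ?)",
                     [(1, "DDOS - TFN client command LE"), (2, "ICMP PING NMAP")])
    conn.executemany("INSERT INTO event VALUES (?, ?, ?)",
                     [(1, 1, 1), (1, 2, 1), (1, 3, 2)])
    conn.executemany("INSERT INTO icmphdr VALUES (?, ?, ?, ?, ?, ?, ?)",
                     [(1, 1, 0, 0, 4660, None, None),   # id/seq never written
                      (1, 2, 0, 0, 4661, None, None),
                      (1, 3, 8, 0, 4662, 512, 1)])      # id/seq present
    return conn

if __name__ == "__main__":
    for name, total, missing in audit_icmp_fields(build_sample_db()):
        print(f"{name}: {missing}/{total} events missing icmp_id or icmp_seq")
```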



