[Snort-users] Strange ICMP

Baxter, Anthony (ABAXTER) ABAXTER at ...10513...
Tue May 18 11:09:01 EDT 2004

To All,

Does anyone know how I could send the Fourlog files that snort is generating
for me over to log analyzer via syslog, or will I have to set up a cron job?

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Ron Shuck
Sent: Tuesday, May 18, 2004 10:49 AM
To: snort-users at lists.sourceforge.net; intrusions at ...11822...
Subject: [Snort-users] Strange ICMP

I am detecting an increased amount of ICMP Ping traffic. The strange thing
is that there are several sources that are hitting us about 1000 times a
week. All of these sources have a last octet of some form of 36 and 37.
37, 37, 37, 237, 137
These are from different ISPs and in a couple countries. The destination is
on a Cable Modem that has no inbound access. It's not causing an issue, it's
just anomalous.

Anyone else seeing this kind of traffic, or have any ideas on the origin?

Ron Shuck, CISSP, GCIA, CCSE - Managing Consultant
Buchanan Associates - A Technology Company in the People Business
