[Snort-users] PSNG_ICMP_PORTSWEEP

waldo kitty wkitty42 at ...14940...
Fri Oct 8 13:33:05 EDT 2010


the following are hypothetical questions but ones that i run into all the time 
and have yet to find any explanation or answers for...


1. what is PSNG?

2. should i really be concerned about this type or port sweep? why?

3. should i be concerned about it if it is originating on my network? why?

4. why would the alert be showing that it is related to one address but tcpdump 
shows it is related to another but the last octet number is different?

   ie: 1.2.3.1 shown in alert but 1.2.3.134 is in the tcpdump capture






More information about the Snort-users mailing list