[Snort-users] Questions about sids.

Joao Daniel Neves joaodanielnevesss at ...125...
Mon Apr 8 09:37:46 EDT 2013


I'm a bit lost. I always have a lot of alerts of sid 1-373 ( http://www.snort.org/search/sid/1-373 ) it is PROTOCOL-ICMP PING Flowpoint2200 or Network Management Software.

I think that is not a reason to bother since it is just a ping. I know that ping can be used to scan a network. But it does not seems to be the behavior of the alert. Since just one source sent 110 packages to only three IPs. And then never triged other alert.

Shoud I be worried about it ? 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130408/f09e9599/attachment.html>

More information about the Snort-users mailing list