[Snort-users] Questions about sids.
jesler at ...1935...
Mon Apr 8 09:48:57 EDT 2013
On Apr 8, 2013, at 9:37 AM, Joao Daniel Neves <joaodanielnevesss at ...125...> wrote:
> I'm a bit lost. I always have a lot of alerts of sid 1-373 ( http://www.snort.org/search/sid/1-373 ) it is PROTOCOL-ICMP PING Flowpoint2200 or Network Management Software.
> I think that is not a reason to bother since it is just a ping. I know that ping can be used to scan a network. But it does not seems to be the behavior of the alert. Since just one source sent 110 packages to only three IPs. And then never triged other alert.
> Shoud I be worried about it ?
If it's normal for you to have those events, then no, you shouldn't be worried.
Turn the rule off.
Senior Research Engineer, VRT
OpenSource Community Manager
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users