Re: [Snort-users] ICMP DB Issues

From: sekure (sekuregmail.com)
Date: Tue Jul 20 2004 - 13:25:56 CDT


I am using barnyard to insert the unified logs into a remote database,
and whereas I don't normally see those particular types of alerts,
other ICMP alerts have the following information: icmp_type,
icmp_code, icmp_csum, icmp_id, icmp_seq.

Now whether or not they get displayed by your front end (ACID,
OpenAanval) is a whole different story.

On Tue, 20 Jul 2004 13:04:09 -0500, Joshua Berry <jberrypenson.com> wrote:
> I have had an issue for some time where I will get alerts such as "DDOS
> - TFN client command LE" which revolves around the ICMP ID, ICMP
> Sequence, and Type. However, the ICMP ID and Sequence is NEVER entered
> into the database, just the Type and Code. Has anyone else noticed
> this?
>
> Josh Berry, CISSP & MCSE
> Information Security
> 214-765-1296
>
> --------------------------------------------------------------------
> If you spend more on coffee than on IT security, you will be hacked.
> What's more, you deserve to be hacked.
> -- (Former) White House Cybersecurity adviser Richard Clarke
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
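
Added example, not part of the original thread: a query to check directly in the database whether the ICMP ID and sequence were stored, independent of what the front end displays. It assumes the standard Snort database schema (tables event, signature and icmphdr) as populated by barnyard's database output.

```sql
-- Assumption: standard Snort database schema (event, signature, icmphdr).
-- For every signature that produced ICMP events, count the alerts and how
-- many of them have the ICMP ID and sequence stored. COUNT(column) skips
-- NULLs, so a signature with alerts > 0 but with_icmp_id = 0 never had the
-- field written, while other ICMP signatures serve as a comparison.
SELECT s.sig_name,
       COUNT(*)          AS alerts,
       COUNT(i.icmp_id)  AS with_icmp_id,
       COUNT(i.icmp_seq) AS with_icmp_seq
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN icmphdr   i ON i.sid = e.sid AND i.cid = e.cid
GROUP BY s.sig_name
ORDER BY alerts DESC;

-- Raw header fields for the most recent ICMP events, to compare with what
-- the front end shows for the same alerts.
SELECT e.timestamp, s.sig_name,
       i.icmp_type, i.icmp_code, i.icmp_csum, i.icmp_id, i.icmp_seq
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN icmphdr   i ON i.sid = e.sid AND i.cid = e.cid
ORDER BY e.timestamp DESC
LIMIT 20;
```

If the first query shows the fields populated for the alert in question, the gap is in the front end's display rather than in what was logged.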
