July 22nd, 2003, 10:03 PM
I'm still seeing these occasional alerts as well. They are being generated by three boxes on my network, one being a sendmail box (just like you), but the other two are Win2k Pro, and are the...
July 22nd, 2003, 04:18 PM
If ident is triggering these snort alerts, the original destination port listed in the alert should be 113. In some of the alerts you have posted, I have seen other destination ports referenced...
July 15th, 2003, 02:28 AM
I, as well, am still seeing a few of these alerts on my IDS. Though I have not figured them out, I can attest that they are NOT the result of spoofed traffic, but are the result of hosts on my LAN...
July 10th, 2003, 03:43 PM
Like I said, the only thing that makes me wonder about this traffic is that we also block all ICMP traffic, inbound and outbound. So I looked at these alerts and said "Humm, how the hell did that get...
July 10th, 2003, 03:21 AM
I've been seeing the same type of alerts on my snort box. I usually get one or two every few days and have yet to figure them out either. The ICMP messages seem to be directed back to boxes on my...