Hello, people, this my first time in this list.
I've a question for all you guys.
I'm running a woody with snort installed and configured to listen on the
ppp0, I'received this snort daily report:
3) IDS246 - MISC - Large ICMP Packet: xxx.xx.xx.xx -> home_net
After seeking the /var/log/auth.log, I found that I recieve this type of
packet every time I connect to the Web server running on this IP.
What kind of game is it?. It's a AIX features (the OS that the host
claims to run)?
There is good (even to check if the client IP isn't spoofed) reason to
Another question: sometime I receive alert like this, coming from the
same IP (but, I think, this is a hosted website on his IP)
IDS244 - CVE-1999-0771 - Compaq-insight-dot-dot: xxx.xx.xx.xx:80 ->
I think's this a probe to see, if I'm running a Compaq Management
Agents to exploit a .. attack? Right?
TIA for the answers.