Hello, people, this my first time in this list. I've a question for all you guys. I'm running a woody with snort installed and configured to listen on the ppp0, I'received this snort daily report:
3) IDS246 - MISC - Large ICMP Packet: xxx.xx.xx.xx -> home_net After seeking the /var/log/auth.log, I found that I recieve this type of packet every time I connect to the Web server running on this IP. What kind of game is it?. It's a AIX features (the OS that the host claims to run)? There is good (even to check if the client IP isn't spoofed) reason to make this? Another question: sometime I receive alert like this, coming from the same IP (but, I think, this is a hosted website on his IP) IDS244 - CVE-1999-0771 - Compaq-insight-dot-dot: xxx.xx.xx.xx:80 -> my_home_net I think's this a probe to see, if I'm running a Compaq Management Agents to exploit a .. attack? Right? TIA for the answers. -- Raffaele Spangaro [EMAIL PROTECTED]
