This is a discussion on [Snort-users] Attempted Information Leak & Misc activity within the Snort forums, part of the System Security and Security Related category.
Hi all,

What is the difference between these two classifications?
For example, ICMP PING BSDtype belongs to Misc activity
and ICMP PING NMAP belongs to Attempted Information Leak.
For me it's the same, so why doesn't ICMP PING BSDtype
belong to Attempted Information Leak?

Other examples:

SNMP request tcp [**] [Classification: Attempted Information Leak]
SCAN SOCKS Proxy attempt [**] [Classification: Attempted Information Leak]
ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity]
SCAN Squid Proxy attempt [**] [Classification: Attempted Information Leak]
SCAN nmap TCP [**] [Classification: Attempted Information Leak]
SCAN nmap XMAS [**] [Classification: Attempted Information Leak]

-------------------------------------------------
Best Regards, Marcin