RE: [Snort-users] Strange PATH MTU Traffic

This is a discussion on RE: [Snort-users] Strange PATH MTU Traffic within the Snort forums, part of the System Security and Security Related category; I believe this has to do with Microsoft Roaming profiles. I will try to dig up the URL. I have ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page RE: [Snort-users] Strange PATH MTU Traffic

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 04-27-2005
larosa_vjay@emc.com
 
Posts: n/a
Default RE: [Snort-users] Strange PATH MTU Traffic
I believe this has to do with Microsoft Roaming profiles. I will try to dig
up the URL. I have actually seen Jpeg's transmitted in ICMP from M$ hosts.

vjl

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Joshua Berry
Sent: Monday, April 25, 2005 11:57 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Strange PATH MTU Traffic

I am getting this alert: ICMP PATH MTU denial of service

I have never had this alert previous to this weekend, and have received
40,000 within the last 8 hours. Some of this traffic appears to be
encrypted, the rest of it is hitting our domain controllers and contains
schema information.

I know Microsoft does some screwy stuff but I have never seen schema
information transmitted in an ICMP packet, much less a path mtu discovery
packet.

Anyone else seen this type of traffic?

Josh Berry | CISSP GCIA
Information Security
214-765-1296

--------------------------------------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- (Former) White House Cybersecurity adviser Richard Clarke



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users


-------------------------------------------------------
SF.Net email is sponsored by: Tell us your software development plans!
Take this survey and enter to win a one-year sub to SourceForge.net
Plus IDC's 2005 look-ahead and a copy of this survey
Click here to start! http://www.idcswdc.com/cgi-bin/survey?id=105hix
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 02:03 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0