Hello Snort users,
I think I have found a false positive with the following rule
1:469
ICMP PING NMAP
This is constantly
triggered from our Alteon AD4 load balancer sending ICMP pings to our Cisco router's
HSRP address which is its default gateway which it is pinging as part of
its failover mechanism.
Here are the packet
contents from ethereal as you can see there is no data in the ICMP header -
other pings seem to have data in them.
>
Chris
Connell
Senior Network Analyst
SCSA SCNA CCNA
IS Solutions Plc
Tel: 01932 893333
Fax: 01932 893433
http://www.issolutions.co.uk
UK Registered Office: Windmill House, 91-93 Windmill Rd, Sunbury-on-Thames, Middlesex TW16 7EF.
Company registration no.
1892751
