Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:484 |
Message | ICMP PING Sniffer Pro/NetXRay network scan |
Summary | This event is generated when an ICMP echo request is made from a host running Sniffer Pro/NetXRay software. |
Impact | Information gathering. An ICMP echo request can determine if a host is active. |
Detailed Information | An ICMP echo request is used by the ping command to elicit an ICMP echo reply from a listening live host. An echo request that originates from a Windows host running Sniffer Pro/NetXRay software contains a unique payload in the message request. |
Affected Systems | All |
Attack Scenarios | An attacker may attempt to determine live hosts in a network prior to launching an attack. |
Ease of Attack | Simple |
Corrective Action | Block inbound ICMP echo requests. |
Additional References |
--
DID:490720
--
http://www.aanval.com/