Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISSForum] Ping Sweep

from [Tim Greenwald] Network Security [Permanent Link]
Subject: Re: [ISSForum] Ping Sweep
Date: Tue, 04 Oct 2005 20:05:32 -0500 
Hee Kiong wrote:


Hi,

I have a server running whatsup application that monitors various 
servers at a remote site by using ICMP ping. The whatsup server will 
poll those servers every minute. I have an IDS installed at the remote 
site to monitor the incoming and outgoing traffics. The whatsup server 
has been running for about 1 1/2 years and only recently (2 months ago) 
I saw the ping sweep events showed at the remote IDS. The event showed 
me that the source IP is from the whatsup server and the destination IP 
addresses are those various servers at the remote site. The whatsup 
server is doing the ICMP sweep those servers and it is a valid event

I would like to know why this happens only just recently whereas I 
should see this event on the first day I got the whatsup server in 
place. Is it possible that this is false positive reports? How can you 
show that it is a false positive events? Hope to get some help here. Thanks


 


Have there been any other changes to the network at the time this 
occured (2 months ago)? Maybe a change to router config is now passing 
pings.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ISSForum] Internet Scanner Update Problem, Ibrahim Shouman
Next by Date:  Re: [ISSForum] Ping Sweep, Palmer, Paul \(ISSAtlanta\)
Previous by Thread:  Re: [ISSForum] Ping Sweep, Heather Lewis
Next by Thread:  Re: [ISSForum] Ping Sweep, Palmer, Paul \(ISSAtlanta\)
Indexes:  [Date] [Thread] [Top] [All Lists]