Message........: ICMP L3retriever Ping
Details........: www.snort.org/.../466
Time...........: 2010:06:02-11:35:54
Packet dropped.: yes
Priority.......: 2 (medium)
Classification.: Attempted Information Leak
IP protocol....: 1 (ICMP)
Source IP address: 10.98.12.x
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
Source port: 0
Destination IP address: 10.19.12.200
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
Destination port: 0
The alert is being generated with the source in one LAN network segment and the destination on another LAN network segment. These are being generated when the first Windows XP box accesses a shared network folder on the computer at the second network segment.
Any ideas as to why this may be occurring? The shared folder has been in place for a while and this just started happening in the past week. I need to understand exactly what is causing this because this is a PCI environment and the target of the scan is a PCI device.