01-18-2003 04:30 PM - edited 03-09-2019 01:44 AM
This signature tends to fire on only one echo reply being sent have seen this in many cases multiple request come in with one reply and this fires. Is this a known issue or possible bug with signature.
01-23-2003 08:37 AM
The following is the explanation for this Signature
2153 Smurf. This triggers when a large number of ICMP Echo Replies are targeted at a machine. They can be from one or many sources. This will catch the attack known as Smurf, described in the related vulnerability page. Because this attack can come from many sources, automatic shunning of individual hosts is not very effective. If only one network is being used to broadcast the replies, the network can be shunned.
01-24-2003 07:39 AM
I know what it is supposed to trigger on but my concern is that it triggers on one echo reply in most cases that I have seen. There may be multple request but one reply triggers it usually during icmp network sweeps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide