Alerts of the ICMP relationship with smtp connection?

From: Paulo (listassec_at_yahoo.com)
Date: 05/30/05

    Date: Mon, 30 May 2005 12:07:56 -0700 (PDT)
    To: SecurityBasics SF <security-basics@securityfocus.com>
    
    

    Hi,

    I am using Snort Version 2.3.2 (Build 12).
    I have these alerts in my Snort logs:

    366 - ICMP Ping *nix
    384 - ICMP Ping
    368 - Ping BSDtype

    I investigated my other systems' logs, and the time
    at which this alert is recorded is the same as that of
    an SMTP connection registered in the maillog file from
    my Postfix server.

    The source IP address in Snort's log is equal to the
    destination IP address of the SMTP connection in the
    maillog.

    My smtp server is a Postfix version 1.1.3.

    Can these alerts be generated by my mail server when
    it sends mail?

    Are these alerts false positives?

    Thanks for the help.

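The manual check described in the message (alert source IP equal to the SMTP destination IP, at the same time) can be scripted; the following is an added example, not part of the original post. It assumes Snort's "fast" alert format and Postfix `relay=host[ip]` delivery lines; the log lines, addresses, the 5-second window and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (documentation-range IPs), not taken from the post.
SNORT_ALERTS = """\
05/30-12:07:56.104211  [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.5 -> 192.0.2.10
05/30-12:07:56.104530  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.5 -> 192.0.2.10
05/30-14:31:02.000812  [**] [1:368:6] ICMP PING BSDtype [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.77 -> 192.0.2.10
"""
MAILLOG = """\
May 30 12:07:55 mail postfix/smtp[2211]: 3F2A11C0B: to=<user@example.org>, relay=mx.example.org[203.0.113.5], delay=1, status=sent (250 Ok)
May 30 13:15:40 mail postfix/smtp[2290]: 7B91C1C11: to=<other@example.net>, relay=mx.example.net[198.51.100.20], delay=2, status=sent (250 Ok)
"""

ALERT_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[\d+:(\d+):\d+\] (.*?) \[\*\*\].*\{ICMP\} (\S+) -> (\S+)")
RELAY_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtp\[\d+\]: .*relay=[^\[]*\[([\d.]+)\]")

def parse_alerts(text, year):
    """Yield (timestamp, sid, message, source_ip) for each ICMP alert line."""
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d-%H:%M:%S")
            yield ts, int(m.group(2)), m.group(3), m.group(4)

def parse_deliveries(text, year):
    """Yield (timestamp, relay_ip) for each outbound postfix/smtp delivery line."""
    for line in text.splitlines():
        m = RELAY_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def correlate(alerts_text, maillog_text, year=2005, window=timedelta(seconds=5)):
    """Split alerts by whether their source IP is a relay we delivered to within `window`."""
    deliveries = list(parse_deliveries(maillog_text, year))
    matched, unmatched = [], []
    for ts, sid, msg, src in parse_alerts(alerts_text, year):
        hit = any(ip == src and abs(ts - dts) <= window for dts, ip in deliveries)
        (matched if hit else unmatched).append((sid, src))
    return matched, unmatched

if __name__ == "__main__":
    matched, unmatched = correlate(SNORT_ALERTS, MAILLOG)
    print("coincide with outbound SMTP:", matched)
    print("no SMTP delivery nearby:   ", unmatched)
```

Alerts left in the unmatched list have no outbound delivery to explain them and are the ones to look at separately.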

