Achtung! Snort Cyberkit alert!!!

Discussion in 'General Mac Discussion' started by St. George, Sep 18, 2003.

  1. St. George macrumors member

    May 7, 2003
    Hi there.

    I noticed my G4 iMac running a little slow the other day - plus expolrer and safari were both acting odd - not loading 40% of sites. This could be a fault with my ISP of course but I started checking about.

    "I'm now running Snort/HenWen/Letterstick and keep getting this:

    A new alert has been issued...
    The alert contents: "ICMP PING Cyberkit 2.2 Windows"

    The alert was triggered by an ICMP packet
    Source..." etc

    I'm getting hit by this every 5 seconds - non-stop.

    Any clues anyone?
  2. rainman::|:| macrumors 603


    Feb 2, 2002
    I'm not quite sure what that is, you should use a utility to get more info Who's There is compatible with most firewall log formats, works great. I'm having a similar problem with a particular trojan horse trying to access my machine, connections from around the world... weird. My cable modem never stops blinking, there's always someone trying to access something on my machine. :rolleyes:

  3. St. George thread starter macrumors member

    May 7, 2003
    Tried looking at for 'who's there.' I'm not getting into 40% of sites at the moment (which I suspect has something to do with the continued pinging) and keep getting the message box:

    "Could not open the page

    Could not open the page "http://" because the
    network connection was reset. This sometimes
    occurs when the server is busy."

    I have a cable connection as well but NTL say the network is ok at the moment.
    (note- the above www.macupdate... is an example url)

    For anybody that can help with the cyberkit 2.2 windows pinging I've got the following explanation - which means little to me:)
  4. Rower_CPU Moderator emeritus


    Oct 5, 2001
    San Diego, CA
    I know that the Nachi virus causes a lot of extra network traffic due to ICMP pings. It could be that there is/are infected machine/s on your local network (home or ISP) and that is causing all the extra traffic.
  5. St. George thread starter macrumors member

    May 7, 2003
    Rower-CPU - I believe you are correct.

    Just called NTL and the chap on the line admitted that there is either a new virus or the old ones (msblast et al) were still causing havoc.

    I've changed my proxy settings so I'm sitting on a different server in the country - this is much better for the above browser problems... still getting pinged - most probably by infected ms machines.

    My firewall's up in anycase...


Share This Page