[Snort-users] Newbie: why so many ICMPs?
From: John Bertagnolli (ijbertmac.com)
Date: Wed Jul 07 2004 - 21:50:05 CDT
I spent yesterday loading Fedora 2, snort and ACID. I have everything
working like I think it's supposed to. When I log into my ACID page, I
see literally hundreds of "ICMP Destination Unreachable Communication
with Destination Host is Administratively Prohibited" messages. The
source address is my IP, the destination address varies. These messages
are 90% of what I am seeing in ACID.
I can see these entries logged if I try to ftp to my machine, having
ftp off. My thought is that the service is denied, the ICMP is
generated, and my router is interfering. I have a Netgear ADSL Firewall
Router DG834. I have turned off NAT and added firewall holes to allow
all traffic inbound and output.
Is this a reasonable assumption? I could buy a new ADSL modem. Barring
that, could I turn these responses off, since they aren't getting past
my modem/router? Or is that something I shouldn't do?