[Snort-users] Newbie: why so many ICMPs?
From: John Bertagnolli (ijbert mac.com)
Date: Wed Jul 07 2004 - 21:50:05 CDT

Greetings -

I spent yesterday loading Fedora 2, snort and ACID. I have everything
working like I think it's supposed to. When I log into my ACID page, I
see literally hundreds of "ICMP Destination Unreachable Communication
with Destination Host is Administratively Prohibited" messages. The
source address is my IP, the destination address varies. These messages
are 90% of what I am seeing in ACID.

I can see these entries logged if I try to ftp to my machine, having
ftp off. My thought is that the service is denied, the ICMP is
generated, and my router is interfering. I have a Netgear ADSL Firewall
Router DG834. I have turned off NAT and added firewall holes to allow
all traffic inbound and output.

Is this a reasonable assumption? I could buy a new ADSL modem. Barring
that, could I turn these responses off, since they aren't getting past
my modem/router? Or is that something I shouldn't do?

Thanks,
John