Snort mailing list archives

Previous By Date Next
Previous By Thread Next

ICMP Destination Unreachable

From: Francesca Milanini <francesca.milanini () fastwebnet it>
Date: 17 Jul 2002 12:53:26 +0200
Hello! I need your help. Could you replay to this address if you'll
replay today or to fra.mila () tiscalinet it il you'll replay tomorrow?
I used Snort; but I don't understand why I found only messages like
these:

ICMP Destination Unreachable (Communication with Destintation Host in
Administratively Prohibited)
from an external IP to an IP of my home-net

ICMP Destination Unreachable (Communication Administratively Prohibited)
from an IP of my home-net to an IP of my home-net or
from an IP of my home-net to an external IP

The rule is in "icmp.rules" and it's:
alert icmp any any -> any any (msg:"ICMP Destination
Unreachable(Communication Administratively Prohibited)".......)

why they put "any any -> any any" ?

are these messages important? what would you say about them?
is it possible I find ONLY these messages (an "alert" in /var/log/snort/
of 2 GB in 24 hours with ONLY messages like these)?

Thanks, Francesca



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: