Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ICMP REDIRECT HOST

From: Paulius <stakys () punktas lt>
Date: Sat, 29 Nov 2003 19:03:14 +0200
Hmmz the fact is that the IP_QUERYING_SERVER is the random ip which connects to the server or sends a query for it. 
Hmmz mayby the problem is with my router that the provider said me to use GATEWAY_IP as my gateway but redirects it to 
the another ip NEW_GATEWAY_ADDRESS, mayby if i'll use that new gateways ip, it will stop that messages? But in that 
case i think i wont have the internet connection in my server anymore?

On 29 Nov 2003 13:42:47 +0100
Dirk Geschke <Dirk () geschke-online de> wrote:


Hi Paulius,


Hmmz what is wrong here i get a lot of messages like this:

[**] ICMP redirect host [**]
11/28-04:42:15.156908 GATEWAY_IP -> MY_IP
ICMP TTL:255 TOS:0xC0 ID:8567 IpLen:20 DgmLen:88
Type:5  Code:1  REDIRECT HOST NEW GW: NEW_GATEWAY_ADDRESS
** ORIGINAL DATAGRAM DUMP:
MY_IP:80 -> IP_QUERYING_SERVER:1370
TCP TTL:64 TOS:0x0 ID:62447 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x4882360D  Ack: 0x85F021AF  Win: 0xE000  TcpLen: 40
** END OF DUMP

How to solve this, to not receive thousands messages like this? 
And this is problem in my server or in my router?


without knowledge of your network it is a little bit difficult.

But I think your server has a wrong routing entry to IP_QUERYING SERVER.

So probably the server sends all traffic to your GATEWAY_IP. This
gateway informs your server about the wrong route.

So simply check your routing table.

Best regards

Dirk




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: