Snort mailing list archives
ICMP Time-To-Live Exceeded in Transit
From: Erwin Van de Velde <erwin.vandevelde () ua ac be>
Date: Sun, 21 Dec 2003 00:42:32 +0100
Hi, I'm seeing quite a lot of these alerts with snort 2.1.0 My network: 2 computers: 1 connected to cable modem, the other connected to the first one (ethernet) and the first uses uses masquerading for connections from my local network (the second computer thus) to the internet. Snort monitors both network interfaces on the first computer. 51% of all my alerts are ICMP Time-To-Live Exceeded in Transit. In comparison, I get 38% Cyberkit 2.0 pings (Welchia & co :-) ). What's the explanation for this? And can I get rid of those alerts by tuning snort? tnx in adv, Erwin ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP Time-To-Live Exceeded in Transit Erwin Van de Velde (Dec 20)
- <Possible follow-ups>
- ICMP Time-To-Live Exceeded in Transit Erwin Van de Velde (Dec 23)
- Re: ICMP Time-To-Live Exceeded in Transit Edin Dizdarevic (Dec 23)
- Re: ICMP Time-To-Live Exceeded in Transit Erwin Van de Velde (Dec 23)
- Re: ICMP Time-To-Live Exceeded in Transit Edin Dizdarevic (Dec 23)
- Re: ICMP Time-To-Live Exceeded in Transit Edin Dizdarevic (Dec 23)