Snort mailing list archives
RE: Alerts
From: "Brian Jameson" <tech () jameson co uk>
Date: Wed, 26 Jan 2005 18:02:05 -0000
David wrote:

I have Snort running on a Fedora Core 3 server. I see a lot of ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited alerts. The problem is it appears that my server is the source IP. Is my server running rogue pings? Or is it as I suspect that someone has scanned or pinged my server but is unable to respond?

Thanks in advance.
David Young
I came across the same thing when I upgraded to Fedora Core 3. The ICMP Destination Unreachables for me were down to the Firewall on the Fedora Core 3 machines. In /etc/sysconfig/iptables are the rules fed to iptables and in Core 3 the final line is a:-

'-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

if the firewall is activated. I changed this to a DROP and removed the --reject-with icmp-host-prohibited and the problem went away.

regards,
Brian
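The check and the change described in the reply above, as an added example that is not part of the original post: it lists the rules in an iptables rules file that make the host send ICMP unreachable replies and prints the DROP form. The function names are hypothetical and the sample rules file is constructed; only its final REJECT rule is quoted from the message.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# icmp-host-prohibited is ICMP type 3 code 10, the "Communication with
# Destination Host is Administratively Prohibited" message in the alerts, so
# the firewall host itself is the source of those packets.

# Constructed sample in the layout of /etc/sysconfig/iptables. Only the final
# REJECT rule is quoted from the post; the other lines are illustrative.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print every rule that answers blocked traffic with an ICMP unreachable reply.
find_icmp_rejects() {
    grep -E -- '-j REJECT +--reject-with +icmp-' "$1"
}

# Rewrite those rules to a silent DROP; every other line passes through as is.
# Trade-off: with DROP, blocked clients wait for a timeout instead of getting
# an immediate error, and the host no longer emits the ICMP replies.
reject_to_drop() {
    sed -E 's/-j REJECT[[:space:]]+--reject-with[[:space:]]+icmp-[a-z-]+/-j DROP/' "$1"
}

# Demo on the constructed sample; pass a real rules file path to audit it.
rules="${1:-}"
tmp=""
if [ -z "$rules" ]; then
    tmp=$(mktemp)
    sample_rules > "$tmp"
    rules="$tmp"
fi
echo "Rules that generate ICMP unreachable replies:"
find_icmp_rejects "$rules"
echo "Same rules rewritten as DROP:"
reject_to_drop "$rules" | grep -- '-j DROP'
[ -n "$tmp" ] && rm -f "$tmp"
```

The script only prints the rewritten rules; the rules file itself is left unchanged.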