Snort mailing list archives

RE: Alerts

From: "Brian Jameson" <tech () jameson co uk>
Date: Wed, 26 Jan 2005 18:02:05 -0000

David wrote

I have Snort running on a Fedora Core 3 server.  I see alot of ICMP
Destination Unreachable Communication with Destination Host is
Administratively Prohibited    alerts.  The problem is it appears that
my server is the source IP.  Is my server running rouge pings?  Or is
it as I suspect that someone has scanned or pingged(sp) my server but
is unable to respond?  Thanks in advance.

David Young


I came across the same thing when I upgraded to Fedora Core 3. The ICMP
Destination Unreachables for me were down to the Firewall on the Fedora
Core 3 machines. In /etc/sysconfig/iptables are the rules fed to iptables
and in Core 3 the final line is a:-
'-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' if the
firewall is activated. I changed this to a DROP and removed the
--reject-with icmp-host-prohibited and the problem went away.

regards,
Brian



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Alerts David Young (Jan 25)
- RE: Alerts Brian Jameson (Jan 26)
- <Possible follow-ups>
- RE: Alerts Hugo Chun Hin Lai (Jan 26)
  - Re: Alerts Bill Parker (Jan 26)
- Alerts Brian Stamper (Feb 03)
- RE: Alerts Schott, Erik J Mr ANOSC/FCBS (Feb 03)