IDS mailing list archives
ICMP Destination Unreachable Port Unreachable
From: jerikl75 () gmail com
Date: 18 Dec 2007 20:18:38 -0000
My SNORT installation set of an alarm a few days back: "ICMP Destination Unreachable Port Unreachable" [Impact: Vulnerable] From "SNORT-sensor" at Thu Dec 13 13:24:59 2007 UTC [Classification: Misc Activity] [Priority: 3] {icmp} RemoteHostIP->LocalHostIP I have checked my firewall logs and confirmed that the LocalHost has been trying to connect to RemoteHost at that time and also checked a pcap-file from snort and found my LocalHost MAC-adress so it's not somekind of spoofing. The problem here is that the RemoteHost is NOT anything I want to talk to. I have scanned the LocalHost with several antivirus/antirootkit/antispyware byt can't find anything that could cause the connectionattempts. Has anyone seen anything like this before? What could possibly cause this? Is my LocalHost compromised? ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- ICMP Destination Unreachable Port Unreachable jerikl75 (Dec 18)
- <Possible follow-ups>
- Re: ICMP Destination Unreachable Port Unreachable proneetb (Dec 20)