Snort mailing list archives

Too many ICMP Destination Unreachable (Port Unreachable)

From: <jjaime () ticket-accor com ar>
Date: Fri, 22 Jun 2001 16:58:18 -0300 (ART)

Hello list,

My relay mail, have problems of  deferred mensages for "Host not found".

The configuration of my network

      internet
         |
         '==snort
         |
      Firewall---DNS/WEBSERVER---RELAY/MAIL
         |
         |
    ----LAN-----

Today Snort detect +/- 1600 ICMP Destination Unreachable (Port Unreachable)
from my DNS, distributed this way:

+98% from one IP Block :

xxx.xxx.169.252 1070 signatures
xxx.xxx.169.225  450 signatures
xxx.xxx.169.235   11 signatures
xxx.xxx.169.230    1 signatures
xxx.xxx.169.243    1 signatures
xxx.xxx.169.236    1 signatures
xxx.xxx.169.244    1 signatures

[**] ICMP Destination Unreachable (Port Unreachable) [**]
 06/21-14:59:36.689436 xxx.xxx.169.252 -> xxx.xxx.211.30
 ICMP TTL:246 TOS:0x20 ID:38330 IpLen:20 DgmLen:100
 Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE
 ** ORIGINAL DATAGRAM DUMP:
 xxx.xxx.211.30:53 -> xxx.xxx.169.252:61536
 UDP TTL:120 TOS:0x0 ID:21774 IpLen:20 DgmLen:72
 Len: 52
 
That it means, my dns this badly formed? Is on attack? 

Thanks a lot.






_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Too many ICMP Destination Unreachable (Port Unreachable) jjaime (Jun 22)
- Re: Too many ICMP Destination Unreachable (Port Unreachable) Ralf Hildebrandt (Jun 23)