Snort mailing list archives

Re: Too many ICMP Destination Unreachable (Port Unreachable)

From: Ralf Hildebrandt <Ralf.Hildebrandt () innominate com>
Date: Sat, 23 Jun 2001 09:57:38 +0200

On Fri, Jun 22, 2001 at 04:58:18PM -0300, jjaime () ticket-accor com ar wrote:

My relay mail, have problems of  deferred mensages for "Host not found".


These two are related.

Today Snort detect +/- 1600 ICMP Destination Unreachable (Port Unreachable)
from my DNS, distributed this way:


You mean the DNS is unreachable?

a) verify if you DNS is working properly. Use "dig", not "nslookup"
b) make your DNS listen to 127.0.0.1 only (if your DNS is only used
   from the MTA on the same machine), that way nobody can "see" the
   DNS, since it's bound to the loopback interface.
   
-- 
ralf.hildebrandt () innominate com                            innominate AG
Technical Consultant                   Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX                        fax: +49.(0)30.308806-77


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Too many ICMP Destination Unreachable (Port Unreachable) jjaime (Jun 22)
- Re: Too many ICMP Destination Unreachable (Port Unreachable) Ralf Hildebrandt (Jun 23)