Snort mailing list archives
ICMP alerts from broadcast?
From: "Johnson, David" <DJohnson () IronMountain com>
Date: Thu, 31 May 2001 15:56:58 -0400
Hello all, I'm new to IDS and have set up a Snort machine in my DMZ. Within the first day, activity looks pretty light, but I'm getting hundreds of "ICMP Destination Unreachable (Port Unreachable)" alerts logged with a source address that matches the broadcast address for my DMZ's subnet. Most of these alerts show a destination address of the snort machine itself, but some also show destinations of 4 other DMZ machines. Do I have something to worry about here (as in spoofed packets) or is this harmless chatter? Thanks for the help.
Current thread:
- ICMP alerts from broadcast? Johnson, David (May 31)
- <Possible follow-ups>
- ICMP alerts from broadcast? Johnson, David (May 31)