dns servers

["snortlst snortlst" <snortlst () hotmail com>]

I see in the snort alert file a lot of entries like that:
dns server1 > firewall > ICMP unreachable
dns server2 > firewall > ICMP unreachable

(those are AT&T dns servers that are listed in DNS_SERVERS in snort.conf)
Questions:
1. Why I do receive those messages? (They're supposed to be ignored because
of the DNS_SERVERS entry in snort.conf, right?)
2. Do you have any idea why dns severs send icmp traffic to our firewall?
(the're supposed to be talking udp-53 and that's it...)

Thanks.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users