RE: ICMP Destination Unreachable

["Wirth, Jeff" <WirthJe () DNB com>]

> don't know why I am getting a ton of these in alert log 
>
> ICMP Destination Unreachable (Port Unreachable) [**] [Classification: Misc
activity] [Priority: 3] {ICMP}
 
This is a standard response to a UDP request sent to a closed port. The
source of this traffic would indicate who received the original UDP request.
 
i.e. IF source = you then...
 
Someone outside your network sent a UDP request to a closed port.  Your host
(or firewall) sent a ICMP "Port Unreachable" in response.  This could
indicate a mis-configured client somewhere or UDP port scanning attempts (Do
you see any correlating data in your portscan log?)
 
Hope this helps,
 
- Jeff