Snort mailing list archives
RE: ICMP destination doubt
From: "Gregory W. Ratcliff" <gratcliff () argusnetsec com>
Date: Sat, 22 Mar 2003 00:53:29 -0500
Clayton,

The format is source port > destination port.

There may be a couple of reasons for this. It may be a response from something else that's misconfigured, or it could have been a crafted packet.

Good luck,
Greg Ratcliff
Argus
www.argusnetsec.com <http://www.argusnetsec.com/>

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Clayton Mascarenhas
Sent: Wednesday, March 19, 2003 1:30 PM
To: Snort Users
Subject: [Snort-users] ICMP destination doubt

01/29-00:17:09.057769 [**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.x.x.x -> 132.x.x.x...