Snort mailing list archives
ICMP issues in VPN
From: dogbert () netnevada net
Date: Fri, 23 Jul 2004 09:18:00 -0700
Hi all, Ok, now that I'm not going paranoid, here is the real question I am having. We used to connect two locations over a dedicated T-1, and now we do it via a VPN between cisco gear (no problem, everything works just fine). However, I have started seeing some traffic issues related to the following types of packets: % # packets priority type 75.1 999 low ICMP Large ICMP Packet 17.7 235 low ICMP L3retriever Ping 5.0 66 low ICMP PING NMAP This is from the snort-rep 1.10 system, btw. I would think that this is a false type positive, as these machines in question (MS SQL, Domain Controllers, Root Servers, and the IP addresses correspond to the IP addrs of these machines. How does one normally deal with a situation like this (i.e. - disregard ICMP for both networks which are 172.21.x.x and 10.1.1.x), etc? Any ideas would be helpful here :) Bill Parker p.s. - Does the snort mailing list deal well with HTML stuff, due to the fact that I sent an email from my home system (outlook express) and it got real sick (got a reply back from da mailing list, even)? ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP issues in VPN dogbert (Jul 23)
- Re: ICMP issues in VPN Keith W. McCammon (Jul 23)