Re: Alerts of the ICMP relationship with smtp connection?

[Frank Knobbe <frank () knobbe us>]

On Mon, 2005-05-30 at 13:40 -0700, Paulo wrote:
> I didn't solve this yet. Please, anyone can help me?

Maybe you didn't get responses because it's not a Snort related issue.

To answer your question, read up on Path Maximum Transmit Unit (PMTU)
Discovery by googling it. Here a couple links that Google spit out right
away.

http://www.netheaven.com/pmtu.html
which also references ftp://ftp.rfc-editor.org/in-notes/rfc1191.txt

While you are learning about PTMU, please review your firewall rule set
and make sure you don't block ALL inbound ICMP packets. Please let at
least type 3 and type 11 ICMP packets through.

(Hint: The remote mail servers are sending a large ICMP packet in order
to discover the MTU between them and you. It is harmless traffic.)

Hope that helps,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part