Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Alert ICMP Redirect

From: Daniel Rune Jensen <soehest () innocent com>
Date: Tue, 18 Sep 2001 13:31:15 +0200 (CEST)
Hi there :)
I'm getting this error a lot in /var/log/messages when snort is running:

Sep 17 09:46:52 vandet snort[11637]: [1:473:1] ICMP redirect net
[Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP}
172.16.1.254 -> 195.215.170.15
Sep 16 16:27:43 vandet last message repeated 39 times
Sep 16 16:28:44 vandet last message repeated 41 times

i guess there is nothing harmfull in the traffic, it happens whan a guy on
the local network is connected to my ftp. We are about 3000 people who is
connected to the internet via cable modems, and the redirect
probably happens to save the "real" internet bandwidth when doing
transfers inside the net.

But how can i get rid of the errors without disabling icmp redirects
entirely, i only want to ignore those from 172.16.1.254 ?

Regards
Daniel Jensen


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: