Snort mailing list archives
RE: [!] WARNING: Truncated ICMP-UNREACH header (9 bytes)
From: "Stephen C Burns" <sburns () farpointer net>
Date: Thu, 5 Jul 2001 14:24:18 -0500
Thank you, Is there any particular reason why this would be considered an event to be "alerted" over? I assume that if there were, it would be some type of DoS, but I am unaware of any that would use such construction. Thank you for your response(s) - -----Original Message----- From: Fyodor [mailto:fygrave () tigerteam net] Sent: Thursday, July 05, 2001 2:23 PM To: Stephen C Burns Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] [!] WARNING: Truncated ICMP-UNREACH header (9 bytes) On Thu, Jul 05, 2001 at 01:42:26PM -0500, Stephen C Burns wrote:
Hey all, I am running Snort v1.7 on a Linux machine running the 2.4.5 kernel on
an IP-based network. I receive the following message in my syslog-ng and my Snort "alerts" file. A tcpdump on the binary formatted capture
file reveals nothing! Any clues? Snort rocks. Thanks all! [!] WARNING: Truncated ICMP-UNREACH header (9 bytes)
According to rfc icmp unreach packet should be: ip header (20 bytes or more) + 8 bytes (icmp hader) + 64 bits (8 bytes) original datagram. In your case instead of last 16 bytes there were only 9 (8 -- icmp header + 1 byte of original datagram?) _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [!] WARNING: Truncated ICMP-UNREACH header (9 bytes) Stephen C Burns (Jul 05)
- Re: [!] WARNING: Truncated ICMP-UNREACH header (9 bytes) Fyodor (Jul 05)
- RE: [!] WARNING: Truncated ICMP-UNREACH header (9 bytes) Stephen C Burns (Jul 05)
- Re: [!] WARNING: Truncated ICMP-UNREACH header (9 bytes) Fyodor (Jul 05)