Snort mailing list archives

RE: Alert Question


From: Ju Kong Fui <kongfui () TP EDU SG>
Date: Thu, 29 Nov 2001 14:53:07 +0800


The remote network was not pinging your network.

Someone in your internal network was trying to communicate with a host in
157.130.0.0, and the router 157.130.65.122 is telling your router 10.1.0.55
that this host is not reachable (by sending ICMP host unreachable).

-----Original Message-----
From: Lists [mailto:lists () ironcomet com] 
Sent: Thursday, November 29, 2001 2:06 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Alert Question


Hello all. I was wondering if someone can help me to understand the alerts I
am seeing in Snort.

They come every 3 minutes and here is the alert-
11/29-12:48 18.525622 [**] [1:399] <\Device\Packet_> ICMP Destination
Unreachable (Host Unreachable) [**] {ICMP} 157.130.65.122 -> 10.1.0.55

10.1.0.55 is the internal router separating my internal network from the
DMZ network. I can't move Snort to the Internal network because it is
switched (switches without SPAN type ports). So, I can't find out what
machine on the inside is receiving these.

I ran a WHOIS on the address-

157.130.0.0 - 157.130.255.255

UUNET Technologies, Inc.
3060 Williams Drive
Fairfax, VA 22031
US

So, why is UUNET pinging me every 3 minutes?

Can anybody help with this?

Thanks in advance.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
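
Added example, not part of the original thread: an ICMP Destination Unreachable message carries the IP header plus the first 8 bytes of the packet that triggered it, so parsing that payload from a capture shows which outbound flow the remote router is reporting on. The packet bytes, the inner destination 157.130.10.20, the UDP ports and all function names are constructed for illustration.

```python
import socket
import struct

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_icmp_unreachable(packet):
    """Return the flow that triggered an ICMP type 3 error, or None."""
    if len(packet) < 20 or packet[9] != 1:      # outer protocol must be ICMP
        return None
    icmp = packet[(packet[0] & 0x0F) * 4:]
    if len(icmp) < 8 + 20 or icmp[0] != 3:      # type 3 = destination unreachable
        return None
    inner = icmp[8:]                            # original IP header + 8 bytes
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or len(inner) < inner_ihl:
        return None
    result = {
        "reporter": socket.inet_ntoa(packet[12:16]),  # router sending the error
        "code": icmp[1],                              # 1 = host unreachable
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
        "orig_proto": inner[9],
    }
    l4 = inner[inner_ihl:inner_ihl + 8]
    if inner[9] in (6, 17) and len(l4) >= 4:    # TCP/UDP ports lead the header
        result["orig_sport"], result["orig_dport"] = struct.unpack("!HH", l4[:4])
    return result

def build_sample():
    """Constructed packet: outer addresses from the alert, inner flow invented."""
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    original = ipv4_header("10.1.0.55", "157.130.10.20", 17, len(udp)) + udp
    icmp = struct.pack("!BBHI", 3, 1, 0, 0) + original
    return ipv4_header("157.130.65.122", "10.1.0.55", 1, len(icmp)) + icmp

if __name__ == "__main__":
    print(parse_icmp_unreachable(build_sample()))
```
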
