Snort mailing list archives

Re: ICMP Destination Unreachable (Port Unreachable)

From: Pierre <pierre () pallix ca>
Date: Sun, 14 Apr 2002 14:35:54 -0500

On April 10, 2002 05:00 pm, Tony Wong wrote:

I dont understand why I keep getting these "ICMP Destination
Unreachable (Port Unreachable)" in my alerts. the source is from a
pc to an apache web server. Running


I ran ethereal on the pc when doing an ftp and this is usually when
it happens.

I get an ICMP Destination Unreachable when doing an ftp. I can ftp
in ok no problems but why these ICMP Destination Unreachable
messages?

Thanks

I have never used ethereal so I could be way off here, but maybe its 
disabling PINGs.  Try <ping -c 1 "FTP Destination ip">  while running 
ethereal and then when its off.  If it fails only when its on then I 
would suspect ethereal is disabling pings (intentionally or 
unintentionally I don't know. I have heard of people having problems 
with that software before.) which would result in the "ICMP 
Destination Unreachable (Port Unreachable)" in your alerts.

For a very detailed analysis of ICMP packets check out  
http://rr.sans.org/audit/more_ICMP.php

-- 
-- PALLIX Web Hosting  www.pallix.ca

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ICMP Destination Unreachable (Port Unreachable) Tony Wong (Apr 14)
- Re: ICMP Destination Unreachable (Port Unreachable) Pierre (Apr 14)
- Re: ICMP Destination Unreachable (Port Unreachable) Erek Adams (Apr 14)
  - RE: ICMP Destination Unreachable (Port Unreachable) Tony Wong (Apr 16)