Snort mailing list archives
Re: ICMP Destination Unreachable (Port Unreachable)
From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 14 Apr 2002 19:02:05 -0700 (PDT)
On Wed, 10 Apr 2002, Tony Wong wrote:
I don't understand why I keep getting these "ICMP Destination Unreachable (Port Unreachable)" in my alerts. The source is from a pc to an apache web server. Running I ran ethereal on the pc when doing an ftp and this is usually when it happens. I get an ICMP Destination Unreachable when doing an ftp. I can ftp in ok no problems but why these ICMP Destination Unreachable messages?
You'll need to have a look at the decoded packet dumps. They should list the packet headers that caused the "other" server to respond with an ICMP message. What ports does that refer to?

If it's a Win32 based machine that the original packets are coming from, I'd suspect it's to do with the broken way in which MS does lookups. Many times it tries to do a SMB/WINS query on the name, IIRC.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
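The check suggested in the reply above, as an added example that is not part of the original thread: an ICMP port-unreachable message quotes the IP header and first 8 bytes of the datagram that triggered it, so the closed port can be read straight from the alert's packet dump. The addresses, ports and the `build_sample` packet are constructed for illustration (UDP 137, NetBIOS name service, is chosen only to match the lookup behaviour the reply suspects).

```python
import socket
import struct

def parse_port_unreachable(packet: bytes):
    """Return the datagram quoted in an ICMP type 3 / code 3 message, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:  # protocol 1 = ICMP
        return None
    if (packet[ihl], packet[ihl + 1]) != (3, 3):  # dest unreachable / port unreachable
        return None
    inner = packet[ihl + 8:]  # quoted original IP header plus at least 8 payload bytes
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    proto = inner[9]
    sport = dport = None
    if proto in (6, 17) and inner_ihl >= 20 and len(inner) >= inner_ihl + 4:
        sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {
        "reporter": socket.inet_ntoa(packet[12:16]),   # host that sent the ICMP error
        "orig_src": socket.inet_ntoa(inner[12:16]),    # host whose packet was rejected
        "orig_dst": socket.inet_ntoa(inner[16:20]),
        "proto": {6: "tcp", 17: "udp"}.get(proto, str(proto)),
        "sport": sport,
        "dport": dport,                                # the closed port
    }

def ipv4_header(src, dst, proto, payload_len):
    # Checksum left at 0: constructed sample, the parser does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_sample():
    """Constructed packet: 192.0.2.10 rejects a UDP/137 datagram from 192.0.2.20."""
    udp = struct.pack("!HHHH", 1026, 137, 58, 0)
    quoted = ipv4_header("192.0.2.20", "192.0.2.10", 17, 58) + udp
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + quoted
    return ipv4_header("192.0.2.10", "192.0.2.20", 1, len(icmp)) + icmp

if __name__ == "__main__":
    print(parse_port_unreachable(build_sample()))
```

The `orig_src` and `dport` fields identify which host sent the rejected traffic and to which port, which is the question the reply asks of the decoded dump.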