Snort mailing list archives
Re: ICMP Destination Unreachable
From: twig les <twigles () yahoo com>
Date: Wed, 5 Feb 2003 13:37:20 -0800 (PST)
We block these messages at the borders going out because scanners use them for UDP port mapping. That said, I'm trying to persuade our security poobah to let me kill the sig too since the destination unreachables aren't actually getting out after snort picks them up. It *is* giving us info about potential scans but I work in an ISP environment ... the number of alerts does more harm than good. As someone else quipped recently, voluminous numbers of false positives may cause everyone to ignore everything. --- Dennis Gorman <dennisg () northshoreagency com> wrote:
I have received over 7000 "ICMP Destination Unreachable (Communication Administratively Prohibited)" alerts in the last 6 days. I look on snort.org for info about this alert, but I'm still unsure if this is something I need to worry about, and if not how can I remove this alert? I'm run snort on a MS Windows 200 Server. Thanks, Dennis Gorman Network Manager North Shore Agency ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
===== ----------------------------------------------------------- Know yourself and know your enemy and you will never fear defeat. ----------------------------------------------------------- __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP Destination Unreachable Dennis Gorman (Feb 05)
- Re: ICMP Destination Unreachable Kenneth G. Arnold (Feb 05)
- RE: ICMP Destination Unreachable Dennis Gorman (Feb 05)
- RE: ICMP Destination Unreachable twig les (Feb 05)
- RE: ICMP Destination Unreachable Kenneth G. Arnold (Feb 05)
- RE: ICMP Destination Unreachable Dennis Gorman (Feb 05)
- Re: ICMP Destination Unreachable Kenneth G. Arnold (Feb 05)
- Re: ICMP Destination Unreachable twig les (Feb 05)
- Re: ICMP Destination Unreachable Matt Kettler (Feb 05)
- <Possible follow-ups>
- ICMP Destination Unreachable Always Bishan (Mar 08)
- Re: ICMP Destination Unreachable Kenneth G. Arnold (Mar 08)
- Re: ICMP Destination Unreachable Erek Adams (Mar 08)
- Re: ICMP Destination Unreachable Matt Kettler (Mar 08)