Snort mailing list archives
Re: ICMP Destination Unreachable
From: "Kenneth G. Arnold" <bkarnold () cbu edu>
Date: Sat, 8 Mar 2003 09:19:08 -0600 (CST)
On Sat, 8 Mar 2003, Always Bishan wrote:
hi
alert:ICMP Destination Unreachable (Communication Administratively Prohibited)
source:12.125.75.126
source port:42491
destination:192.168.0.4
destination port:8403
protocol:ICMP
1) how can I know about this alert? what does it mean?
It means that IP address 192.168.0.4 in your network tried to send a packet to an IP address somewhere in the network controlled by 12.125.75.126 and this action was blocked, probably by an access list. Device 12.125.75.126 is responding back telling 192.168.0.4 that this action cannot be completed. The alerts file should tell you what the original datagram was that caused this response from the network device in the other network.
2) what do these port nos. suggest?
I don't think that the port numbers mean anything in this case.
3) is it a false alert?
You need to determine what the original datagram was in order to determine if this alert means anything to you. It is the original IP addresses and port numbers that are important.

Ken
Please do help :)
regards,
Bishan

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
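The step Ken describes, recovering the original datagram, as an added example that is not part of the original message: a Destination Unreachable message quotes the IP header and the first bytes of the datagram that triggered it, and this Python function decodes them. The sample packet, its 198.51.100.20 destination and its port numbers are constructed for illustration.

```python
import socket
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
ADMIN_PROHIBITED = 13  # code for "Communication Administratively Prohibited"

def parse_icmp_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message and the original datagram it quotes."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not a Destination Unreachable message")
    inner = icmp[8:]  # quoted original IP header plus leading payload bytes
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("no quoted IPv4 header")
    ihl = (inner[0] & 0x0F) * 4  # quoted header may carry IP options
    if ihl < 20 or len(inner) < ihl:
        raise ValueError("bad quoted IPv4 header length")
    proto = inner[9]
    result = {
        "code": code,
        "admin_prohibited": code == ADMIN_PROHIBITED,
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
        "orig_proto": PROTO_NAMES.get(proto, str(proto)),
        "orig_sport": None,
        "orig_dport": None,
    }
    l4 = inner[ihl:]
    # TCP and UDP both start with source port, then destination port.
    if proto in (6, 17) and len(l4) >= 4:
        result["orig_sport"], result["orig_dport"] = struct.unpack("!HH", l4[:4])
    return result

def build_sample() -> bytes:
    """Constructed sample: type 3 code 13 quoting a TCP packet (checksums left 0)."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 63, 6, 0,
                           socket.inet_aton("192.168.0.4"),
                           socket.inet_aton("198.51.100.20"))
    tcp_head = struct.pack("!HHI", 1045, 25, 0)  # first 8 bytes of the TCP header
    return struct.pack("!BBHI", 3, 13, 0, 0) + inner_ip + tcp_head

if __name__ == "__main__":
    print(parse_icmp_unreachable(build_sample()))
```

The `orig_*` fields are the addresses and ports of the datagram that was refused, which are the values to check against what the internal host should be sending.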