Snort mailing list archives

RE: ICMP destination doubt


From: "Gregory W. Ratcliff" <gratcliff () argusnetsec com>
Date: Sat, 22 Mar 2003 00:53:29 -0500

Clayton,
 
The format is source port > destination port
 
There may be a couple of reasons for this.  It may be a response from
something else that's misconfigured, or it could have been a crafted
packet.
 
Good luck,
 
 
Greg Ratcliff
Argus
www.argusnetsec.com <http://www.argusnetsec.com/> 
 
 
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Clayton
Mascarenhas
Sent: Wednesday, March 19, 2003 1:30 PM
To: Snort Users
Subject: [Snort-users] ICMP destination doubt
 
 
01/29-00:17:09.057769 [**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.x.x.x -> 132.x.x.x...
