Snort mailing list archives

Re: ICMP Destination ... (Port Unreachable) Help

From: Erek Adams <erek () snort org>
Date: Tue, 28 Jan 2003 17:22:29 -0500 (EST)

On Tue, 28 Jan 2003, Brian Blake wrote:

In the past two day's I have had a machine generating over 5k hits a day.
The traffic shows up via snort as ICMP Destination Unreachable (Port
Unreachable).  The machine in question has sent this same traffic two about
10 different address, but both on the same day.  I have talked with two
other people who know networking and TCP/IP and they are just as stumped.
The system is running upto date with McAfee Virusscan 4.51 sp1.  Below you
will find the info extracted from snort.  I researched port 137 scans on
Sans Website with no real help.


[...snip...]

Google is your friend:

http://216.239.51.100/search?q=cache:Sl6EBNYOWx8C:www.finchhaven.com/pages/incidents/030102_udp_137.html+%22port+137%22+%22CKAAA%22&hl=en&ie=UTF-8

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ICMP Destination ... (Port Unreachable) Help Brian Blake (Jan 28)
- Re: ICMP Destination ... (Port Unreachable) Help Erek Adams (Jan 28)
- <Possible follow-ups>
- RE: ICMP Destination ... (Port Unreachable) Help Semerjian, Ohanes (Feb 02)