Snort mailing list archives

Snort ICMP # 485


From: Timm Schneider <timm () mdmarkt de>
Date: Mon, 24 Nov 2003 10:54:24 +0100

Hi all,

In my alerts file there is often the entry #485, i.e. ICMP 
Administrative Prohibited.
On the Snort site I have read what #485 is about.
Now I have a question about what exactly this means.


11/22-05:59:19.952942       57.72.1.170 ->  195.143.234.178
Date-Hour                   ???             my IP

Packet Filtered

Original Datagram Dump

195.143.234.178 -> 57.72.7.62


Why are the IPs not identical?
What does that mean?

Does Snort get to know the real spoofing address?


Thanks in advance.



Timm Schneider
-------------------
Musik-digital-Markt
Siegesstr.22a
80802 München
Voice: 089/ 51997011
Fax: 089/ 51997012
www.mdmarkt.de
HD-Recording
Network technology
Studio technology
Our mails are checked with Kaspersky AVP virus scan.
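
Added example, not part of the original post and not Snort code: an ICMP Destination Unreachable (type 3, code 13 = communication administratively prohibited) is sent by the device that filtered the packet and carries a copy of the original IP header, so its outer source need not equal the original destination. The parser below separates the two address pairs; the packet is constructed from the addresses in the alert, and the embedded protocol (TCP), the ports and the zeroed checksums are assumptions.

```python
import socket
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 (constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_icmp_unreachable(packet):
    """Split an ICMP Destination Unreachable into outer and embedded addresses."""
    ihl = (packet[0] & 0x0F) * 4               # outer IP header length in bytes
    if len(packet) < ihl + 8 or packet[9] != 1:
        raise ValueError("not an ICMP packet")
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type != 3:
        raise ValueError("not Destination Unreachable")
    inner = packet[ihl + 8:]                   # skip type, code, checksum, unused
    if len(inner) < 20:
        raise ValueError("embedded original header truncated")
    return {
        "code": icmp_code,
        "reporter": socket.inet_ntoa(packet[12:16]),   # device that filtered
        "icmp_dst": socket.inet_ntoa(packet[16:20]),   # who is being told
        "orig_src": socket.inet_ntoa(inner[12:16]),    # sender of dropped packet
        "orig_dst": socket.inet_ntoa(inner[16:20]),    # where it was heading
        "orig_proto": inner[9],
    }

def build_sample():
    """Constructed packet using the addresses shown in the alert above."""
    # Assumption: the dropped packet was TCP; ports 40000 -> 80 are made up.
    inner = (ipv4_header("195.143.234.178", "57.72.7.62", 6, 8)
             + struct.pack("!HHI", 40000, 80, 0))
    icmp = struct.pack("!BBHI", 3, 13, 0, 0) + inner   # checksum not computed
    return ipv4_header("57.72.1.170", "195.143.234.178", 1, len(icmp)) + icmp

if __name__ == "__main__":
    info = parse_icmp_unreachable(build_sample())
    print("code %d reported by %s" % (info["code"], info["reporter"]))
    print("dropped packet: %s -> %s" % (info["orig_src"], info["orig_dst"]))
```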


