ICMP Time-To-Live Exceeded in Transit

[Erwin Van de Velde <erwin.vandevelde () ua ac be>]

Hi,

I'm using snort 2.1.0 and I'm getting quite a lot of these alerts (43% of the 
total of alerts). All packets that are logged, are going to a computer behind 
my router. I'm using NAT on the router, and my internal network has only one 
computer behind it: 192.168.0.2. Router has (DHCP configured IP, 192.168.0.1) 
as IP addresses. What can I do to get rid of all these messages, except 
disabling this rule? Is there a way to tweak snort, so that it does not 
generate these false positives anymore? 
Is it an error caused by shorewall, that I use on the router for NAT, or is 
there another reason why these alerts are generated?

Thanks in advance,

Erwin Van de Velde
Student of Antwerp University
Belgium



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users