Re: Alerts of the ICMP relationship with smtp connection?

[Paulo <listassec () yahoo com>]

Thanks Frank,

How can I to confirm this? The alerts are ICMP type 8.


Thanks by help again.

--- Frank Knobbe <frank () knobbe us> wrote:

> On Mon, 2005-05-30 at 13:40 -0700, Paulo wrote:
> > I didn't solve this yet. Please, anyone can help
> me?
>
> Maybe you didn't get responses because it's not a
> Snort related issue.
>
> To answer your question, read up on Path Maximum
> Transmit Unit (PMTU)
> Discovery by googling it. Here a couple links that
> Google spit out right
> away.
>
> http://www.netheaven.com/pmtu.html
> which also references
> ftp://ftp.rfc-editor.org/in-notes/rfc1191.txt
>
> While you are learning about PTMU, please review
> your firewall rule set
> and make sure you don't block ALL inbound ICMP
> packets. Please let at
> least type 3 and type 11 ICMP packets through.
>
> (Hint: The remote mail servers are sending a large
> ICMP packet in order
> to discover the MTU between them and you. It is
> harmless traffic.)
>
> Hope that helps,
> Frank



                
__________________________________ 
Discover Yahoo! 
Find restaurants, movies, travel and more fun for the weekend. Check it out! 
http://discover.yahoo.com/weekend.html 



-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.  
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users