[Snort-sigs] more on logs

L. Christopher Luther CLuther at ...1474...
Fri Apr 25 08:40:05 EDT 2003


There is nothing special about the "Administratively Prohibited" message.
It's a basic Snort message indicating that some host generated an ICMP
Destination Unreachable packet and Snort is indicating that this type of
packet is "prohibited" by the "administrator".  

Look in icmp.rules for more details.  

- Christopher 


-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine at ...1441...]
Sent: Thursday, April 24, 2003 6:52 PM
To: 'snort-sigs at lists.sourceforge.net'
Subject: [Snort-sigs] more on logs


What does Administratively prohibited mean?
Is there a place where these can be looked up?

--Bryan

[**] ICMP Destination Unreachable (Communication Administratively
Prohibited) [**]
04/24-15:51:52.852197 134.95.110.65 -> 64.1.201.130
ICMP TTL:236 TOS:0x0 ID:16616 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
64.1.201.130:37071 -> 134.95.93.169:19525
TCP TTL:45 TOS:0x0 ID:44992 IpLen:20 DgmLen:60 DF
Seq: 0x31EA1DE5  Ack: 0x886AA83E
** END OF DUMP
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs




More information about the Snort-sigs mailing list