[Snort-sigs] more on logs

Nigel Houghton <nigel.houghton@...435...> nigel at ...435...
Mon Apr 28 07:49:34 EDT 2003


The Snort message is straight from the RFCs...

ICMP TYPE 3 Destination Unreachable  [RFC792]
     CODE 13 Communication Administratively Prohibited [RFC1812]

It may be disallowed in a number of different places depending on your
setup.

I believe you said:

:
:What does Administratively prohibited mean?
:Is there a place where these can be looked up?
:
:--Bryan
:
:[**] ICMP Destination Unreachable (Communication Administratively
:Prohibited) [**]
:04/24-15:51:52.852197 134.95.110.65 -> 64.1.201.130
:ICMP TTL:236 TOS:0x0 ID:16616 IpLen:20 DgmLen:56
:Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
:PACKET FILTERED
:** ORIGINAL DATAGRAM DUMP:
:64.1.201.130:37071 -> 134.95.93.169:19525
:TCP TTL:45 TOS:0x0 ID:44992 IpLen:20 DgmLen:60 DF
:Seq: 0x31EA1DE5  Ack: 0x886AA83E
:** END OF DUMP
:=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
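
Added example (not part of the original post and not Snort code): a Python sketch that reads a Snort full-format alert like the one quoted above and separates the address that reported the block from the flow that was blocked. The function name and returned field names are assumptions made for illustration; the sample is the quoted alert with the ":" prefix removed and the wrapped title line rejoined.

```python
import re

# ICMP type 3 codes from RFC 792, RFC 1122 and RFC 1812 (subset).
UNREACH_CODES = {
    0: "Net Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
    3: "Port Unreachable", 4: "Fragmentation Needed and DF Set",
    9: "Destination Network Administratively Prohibited",
    10: "Destination Host Administratively Prohibited",
    13: "Communication Administratively Prohibited",
}

# The alert quoted in the post, ":" quote prefix removed, title line rejoined.
SAMPLE_ALERT = """\
[**] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
04/24-15:51:52.852197 134.95.110.65 -> 64.1.201.130
ICMP TTL:236 TOS:0x0 ID:16616 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
64.1.201.130:37071 -> 134.95.93.169:19525
TCP TTL:45 TOS:0x0 ID:44992 IpLen:20 DgmLen:60 DF
Seq: 0x31EA1DE5  Ack: 0x886AA83E
** END OF DUMP
"""

IP = r"(\d+(?:\.\d+){3})"
OUTER = re.compile(r"^\S+\s+" + IP + r" -> " + IP + r"\s*$", re.M)
TYPECODE = re.compile(r"Type:(\d+)\s+Code:(\d+)")
INNER = re.compile(r"ORIGINAL DATAGRAM DUMP:\s*\n" + IP + r":(\d+) -> "
                   + IP + r":(\d+)\s*\n(\w+) ")

def explain_unreachable(alert):
    """Return who reported the block and which flow was blocked, or None."""
    outer, tc, inner = OUTER.search(alert), TYPECODE.search(alert), INNER.search(alert)
    if not (outer and tc and inner) or int(tc.group(1)) != 3:
        return None
    reporter, notified = outer.groups()
    o_src, o_sport, o_dst, o_dport, proto = inner.groups()
    return {
        "meaning": UNREACH_CODES.get(int(tc.group(2)), "other/unassigned"),
        "reporter": reporter,  # address that sent the ICMP error
        "original_flow": (proto, o_src, int(o_sport), o_dst, int(o_dport)),
        # The error is sent back to the source of the datagram it quotes.
        "addressed_to_originator": notified == o_src,
        "reported_by_destination": reporter == o_dst,
    }

if __name__ == "__main__":
    print(explain_unreachable(SAMPLE_ALERT))
```

For the quoted alert, the reporting address (134.95.110.65) differs from the address the original TCP packet was sent to (134.95.93.169), and the ICMP error is addressed to the host that sent that packet.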



