[Snort-users] ICMP destination unreachable

Ralf Günthner tgue at ...106...
Tue Aug 1 04:34:24 EDT 2000


Jan,

>So, my host is xx.xxx.x.xxx... am I being pinged from outside and
>snort notices my host doesn't answer...?

It's rather like this: The Internet host is telling your host that another (?) host it tried to reach simply doesn't exist.

2nd case:

>[**] ICMP Destination Unreachable [**]
>07/31-15:41:40.080362 xx.xxx.x.xxx -> 194.221.121.196
>ICMP TTL:64 TOS:0xC0 ID:29773 
>DESTINATION UNREACHABLE: PORT UNREACHABLE

>This is what really bewilders me. Am I getting this right: My
>host is sending out ICMP packets which can't reach their
>destination...???

Not quite: Your host says to Columbia Tristar (that's what it is, I checked) that it tried to communicate with your host on a port that's not open. Hmmm... But why it would do this is beyond my knowledge.

Does anyone else have an idea why a website would use an unreachable port to a client? I know I see the reverse case quite often...

Jan, for further questions you're welcome to write to me in German as well <g>

Cheers
Ralf
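
An ICMP Destination Unreachable message quotes the IP header and the first 8 data bytes of the packet that provoked it, which is what shows who tried to reach which port. The decoder below is an added example, not part of the original post; the address 192.0.2.10 (standing in for the masked host), the UDP ports and the sample bytes are constructed.

```python
import socket
import struct

CODES = {0: "NET UNREACHABLE", 1: "HOST UNREACHABLE",
         2: "PROTOCOL UNREACHABLE", 3: "PORT UNREACHABLE"}

def decode_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message (RFC 792) and the packet quoted inside it."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for ICMP header plus quoted IP header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not a Destination Unreachable message")
    quoted = icmp[8:]                      # original IP header + first 8 data bytes
    if quoted[0] >> 4 != 4:
        raise ValueError("quoted packet is not IPv4")
    ihl = (quoted[0] & 0x0F) * 4           # quoted header length, options included
    if ihl < 20 or len(quoted) < ihl:
        raise ValueError("bad quoted IP header length")
    proto = quoted[9]
    result = {
        "reason": CODES.get(code, f"code {code}"),
        "orig_src": socket.inet_ntoa(quoted[12:16]),   # who sent the rejected packet
        "orig_dst": socket.inet_ntoa(quoted[16:20]),   # who it was addressed to
        "proto": proto, "sport": None, "dport": None,
    }
    # TCP (6) and UDP (17) both begin with source port, then destination port.
    if proto in (6, 17) and len(quoted) >= ihl + 4:
        result["sport"], result["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return result

def build_sample() -> bytes:
    """Constructed sample: 194.221.121.196 sent UDP to closed port 4000 on 192.0.2.10."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 50, 17, 0,
                     socket.inet_aton("194.221.121.196"),
                     socket.inet_aton("192.0.2.10"))
    udp = struct.pack("!HHHH", 40000, 4000, 8, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp   # checksums left at 0

if __name__ == "__main__":
    d = decode_unreachable(build_sample())
    print(f"{d['orig_src']}:{d['sport']} -> {d['orig_dst']}:{d['dport']} "
          f"proto {d['proto']} was rejected: {d['reason']}")
```

Snort's one-line alert shows only the outer ICMP addresses; the quoted header is where the provoking source, protocol and port appear.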






