[Snort-users] time exceeded packets

Miller, William T DISC4/Sytex William.Miller at ...331...
Tue Aug 15 12:47:36 EDT 2000


This could be trying to firewalk your firewall. Cant really tell without
more info but... this is what firewalking would look like with icmp.
							Toby 


I recieved a few of these in my logs last night.  Does someone know what
caused this?

thanks,
Pete


[**] PING-ICMP Time Exceeded [**]
08/15-07:51:38.747462 0:E0:F7:53:51:0 -> 0:90:27:6A:1F:11 type:0x800
len:0x46
146.188.242.17 -> XXX.XXX.XXX.XXX ICMP TTL:247 TOS:0x0 ID:0
TTL EXCEEDED
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] PING-ICMP Time Exceeded [**]
08/15-07:51:38.747462 0:E0:F7:53:51:0 -> 0:90:27:6A:1F:11 type:0x800
len:0x46
146.188.242.17 -> XXX.XXX.XXX.XXX ICMP TTL:247 TOS:0x0 ID:0
TTL EXCEEDED
00 00 00 00 45 00 02 6F A3 A0 00 00 01 11 0C 2F  ....E..o......./
CF F3 78 14 D8 03 E7 A3 6F 5E 1B 3A 02 5B 56 3A  ..x.....o^.:.[V:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] PING-ICMP Time Exceeded [**]
08/15-07:51:38.555454 0:E0:F7:53:51:0 -> 0:90:27:6A:1F:11 type:0x800
len:0x46
146.188.242.126 -> XXX.XXX.XXX.XXX ICMP TTL:247 TOS:0x0 ID:0
TTL EXCEEDED
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[**] PING-ICMP Time Exceeded [**]
08/15-07:51:38.555454 0:E0:F7:53:51:0 -> 0:90:27:6A:1F:11 type:0x800
len:0x46
146.188.242.126 -> XXX.XXX.XXX.XXX ICMP TTL:247 TOS:0x0 ID:0
TTL EXCEEDED
00 00 00 00 45 00 01 56 A3 9C 00 00 01 11 0D 4C  ....E..V.......L
CF F3 78 14 D8 03 E7 A3 6F 5E 1B 3A 01 42 EC 73  ..x.....o^.:.B.s

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+





_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users




More information about the Snort-users mailing list