[Snort-users] Can we interpret the ICMP unreachable messages?

Robert E. Leever bel1 at ...358...
Mon Nov 20 13:43:21 EST 2000


Hi

If the following:

[**] PING-ICMP Destination Unreachable [**]
11/19-14:35:30.698958 172.18.20.54 -> 172.18.5.31
ICMP TTL:255 TOS:0x0 ID:28987  DF
DESTINATION UNREACHABLE: PORT UNREACHABLE


Is what your seeing, in this particular case
the system returning the message [54] does not 
have inetd running and the other system [5] has
an auto discovery program running on it.

If you turn off both tcp & udp echo in inetd.conf
this will happen too.

but.... it could be something else that I'm unaware
of too.... 

b;)





More information about the Snort-users mailing list