[Snort-users] Can we interpret the ICMP unreachable messages?
Robert E. Leever
bel1 at ...358...
Mon Nov 20 13:43:21 EST 2000
If the following:
[**] PING-ICMP Destination Unreachable [**]
11/19-14:35:30.698958 172.18.20.54 -> 172.18.5.31
ICMP TTL:255 TOS:0x0 ID:28987 DF
DESTINATION UNREACHABLE: PORT UNREACHABLE
Is what you're seeing, in this particular case
the system returning the message does not
have inetd running and the other system has
an auto discovery program running on it.
If you turn off both tcp & udp echo in inetd.conf
this will happen too.
but.... it could be something else that I'm unaware
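
An added example, not part of the original post: a Python sketch that reads alerts in the layout quoted above and groups PORT UNREACHABLE replies by the host they were sent back to, which is how the "auto discovery program" case shows up in the log. The function names and every sample record after the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: first record is the one in the post, the rest are made up.
SAMPLE = """\
[**] PING-ICMP Destination Unreachable [**]
11/19-14:35:30.698958 172.18.20.54 -> 172.18.5.31
ICMP TTL:255 TOS:0x0 ID:28987 DF
DESTINATION UNREACHABLE: PORT UNREACHABLE

[**] PING-ICMP Destination Unreachable [**]
11/19-14:35:31.102233 172.18.20.77 -> 172.18.5.31
ICMP TTL:255 TOS:0x0 ID:4411 DF
DESTINATION UNREACHABLE: PORT UNREACHABLE

[**] PING-ICMP Destination Unreachable [**]
11/19-14:35:32.500100 172.18.1.1 -> 172.18.5.31
ICMP TTL:254 TOS:0x0 ID:912 DF
DESTINATION UNREACHABLE: HOST UNREACHABLE

[**] PING-ICMP Destination Unreachable [**]
11/19-14:36:02.000700 172.18.20.60 -> 172.18.7.7
ICMP TTL:255 TOS:0x0 ID:7730 DF
DESTINATION UNREACHABLE: PORT UNREACHABLE
"""

HEADER = re.compile(r"^(\S+) (\d+(?:\.\d+){3}) -> (\d+(?:\.\d+){3})$", re.M)
REASON = re.compile(r"^DESTINATION UNREACHABLE: (.+)$", re.M)

def parse_alerts(text):
    """Return one dict per alert record that carries an unreachable reason."""
    alerts = []
    for record in re.split(r"\n\s*\n", text.strip()):
        header, reason = HEADER.search(record), REASON.search(record)
        if header and reason:
            when, reporter, recipient = header.groups()
            alerts.append({"time": when, "reporter": reporter,
                           "recipient": recipient, "reason": reason.group(1).strip()})
    return alerts

def likely_probers(alerts, min_reporters=2):
    # The ICMP error returns to the sender of the original datagram, so a
    # recipient named by several distinct reporters is the probing host.
    seen = defaultdict(set)
    for a in alerts:
        if a["reason"] == "PORT UNREACHABLE":
            seen[a["recipient"]].add(a["reporter"])
    return {dst: sorted(src) for dst, src in seen.items() if len(src) >= min_reporters}

print(likely_probers(parse_alerts(SAMPLE)))
```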