[Snort-users] ICMP: Destination Unreachable
tsevy at ...1701...
Thu Apr 5 13:28:28 EDT 2001
No. nt2118wk (111.222.333.444) is running What's Up Gold to simply monitor
& alert on up/down status of hosts (including 184.108.40.206).
From: shawn . moyer [mailto:shawn at ...1184...]
Sent: Thursday, April 05, 2001 12:57 PM
To: Tom Sevy
Cc: Snort Users (E-mail)
Subject: Re: [Snort-users] ICMP: Destination Unreachable
Tom Sevy wrote:
> I don't wish to stop the logging of this message, but rather would like to
> find out why I am seeing this:
> Apr 4 23:59:45 snort: ICMP Destination Unreachable: 111.222.333.444
> (nt2118wk) -> 220.127.116.11(NT401PRD)
> Yet I can go to nt2118wk and ping NT401PRD and it will work.
> Any thoughts on what could be causing this kind of false positive? Or a
> way to determine what exactly on my network is giving the message back to
> nt2118wk about destination unreachable?
Is the 111.222.333.444 box 18.104.22.168's gateway? Possibly it has a bad
route and is trying to send to a host that the other box can't route to.
If you run tcpdump for a bit on the box you should see the whole
message, which should look like:
icmp dest unreachable for <blah>
You should then be able to investigate why 22.214.171.124 is trying to send
traffic to <blah>.
s h a w n m o y e r
shawn at ...1184...
"Nuclear war would really set back cable."
-- Ted Turner
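What the tcpdump suggestion in this thread relies on, as an added example that is not part of the original messages: an ICMP Destination Unreachable packet quotes the IP header plus the first 8 bytes of the packet that could not be delivered, so parsing it shows who reported the failure and which traffic triggered it. The addresses, port and sample packet below are constructed (RFC 5737 documentation range) and do not come from the poster's network.

```python
import socket
import struct

# ICMP type 3 codes (RFC 792 / RFC 1122), the subset most often seen.
CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
         3: "port unreachable", 4: "fragmentation needed, DF set",
         13: "administratively prohibited"}

def parse_unreachable(pkt: bytes):
    """Return details of an ICMP Destination Unreachable IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 1 or len(pkt) < ihl + 8 + 20:   # not ICMP, or quote too short
        return None
    if pkt[ihl] != 3:                            # ICMP type 3 only
        return None
    inner = pkt[ihl + 8:]          # quoted header of the packet that failed
    inner_ihl = (inner[0] & 0x0F) * 4
    info = {
        "reporter": socket.inet_ntoa(pkt[12:16]),    # host saying "unreachable"
        "notified": socket.inet_ntoa(pkt[16:20]),    # host being told
        "reason": CODES.get(pkt[ihl + 1], f"code {pkt[ihl + 1]}"),
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),  # the "<blah>" in the reply
        "orig_proto": inner[9],
        "orig_dport": None,
    }
    # The quoted 8 bytes past the inner IP header cover the TCP/UDP ports.
    if inner[9] in (6, 17) and len(inner) >= inner_ihl + 4:
        info["orig_dport"] = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return info

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 header (checksum left 0) for the constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: 192.0.2.20 sent UDP to port 9999 on 192.0.2.10, which
# answers with ICMP type 3 code 3 (port unreachable).
_original = ipv4("192.0.2.20", "192.0.2.10", 17, struct.pack("!HHHH", 40000, 9999, 8, 0))
SAMPLE = ipv4("192.0.2.10", "192.0.2.20", 1, struct.pack("!BBHI", 3, 3, 0, 0) + _original)

if __name__ == "__main__":
    print(parse_unreachable(SAMPLE))
```

The input is a raw IPv4 packet with the link-layer header already removed; the `orig_*` fields are the ones that answer "why is this host being told something is unreachable".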