[Snort-users] ICMP Time Exceeded

Sakshale Equorian sakshale at ...131...
Wed Jan 31 13:32:32 EST 2001


Since I upgraded the my rule sets to the ones
on sourceforge, I am getting buried with these
messages.

[**] ICMP Time Exceeded [**]
01/31-01:39:15.065695 REMOTE-HOST -> LOCAL-HOST
ICMP TTL:245 TOS:0xC0 ID:42205 IpLen:20 DgmLen:56
Type:11  Code:0  TTL EXCEEDED
00 00 00 00 45 00 00 4C 47 BF 00 00 01 11 E1 AC 
....E..LG.......
C0 56 06 08 C0 D8 08 FF 09 ED 00 7B 00 38 73 A5 
.V.........{.8s.


The thing that concerns/confuses me is that the local
host is our VPN gateway, while the remote host has a
bbnplanet address, which is not on our list of VPN
clients.

Sakshale

__________________________________________________
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/




More information about the Snort-users mailing list