[Snort-users] Too many ICMP Destination Unreachable (Port Unreachable)

Ralf Hildebrandt Ralf.Hildebrandt at ...821...
Sat Jun 23 03:57:38 EDT 2001


On Fri, Jun 22, 2001 at 04:58:18PM -0300, jjaime at ...2272... wrote:

> My relay mail, have problems of  deferred mensages for "Host not found".

These two are related.

> Today Snort detect +/- 1600 ICMP Destination Unreachable (Port Unreachable)
> from my DNS, distributed this way:

You mean the DNS is unreachable?

a) verify if you DNS is working properly. Use "dig", not "nslookup"
b) make your DNS listen to 127.0.0.1 only (if your DNS is only used
   from the MTA on the same machine), that way nobody can "see" the
   DNS, since it's bound to the loopback interface.
   
-- 
ralf.hildebrandt at ...821...                            innominate AG
Technical Consultant                   Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX                        fax: +49.(0)30.308806-77





More information about the Snort-users mailing list