[Snort-users] ICMP alerts from broadcast?

Johnson, David DJohnson at ...2087...
Thu May 31 14:01:54 EDT 2001


Hello all,

I'm new to IDS and have set up a Snort machine in my DMZ.  Within the first
day, activity looks pretty light, but I'm getting hundreds of "ICMP
Destination Unreachable (Port Unreachable)" alerts logged with a source
address that matches the broadcast address for my DMZ's subnet.  Most of
these alerts show a destination address of the snort machine itself, but
some also show destinations of 4 other DMZ machines.

Do I have something to worry about here (as in spoofed packets) or is this
harmless chatter?

Thanks for the help.