[Snort-users] ICMP alerts from broadcast?
DJohnson at ...2087...
Thu May 31 14:01:54 EDT 2001
I'm new to IDS and have set up a Snort machine in my DMZ. Within the first
day, activity looks pretty light, but I'm getting hundreds of "ICMP
Destination Unreachable (Port Unreachable)" alerts logged with a source
address that matches the broadcast address for my DMZ's subnet. Most of
these alerts show a destination address of the snort machine itself, but
some also show destinations of 4 other DMZ machines.
Do I have something to worry about here (as in spoofed packets) or is this
Thanks for the help.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users