[Snort-users] Alert Question

Lists lists at ...2694...
Wed Nov 28 22:07:02 EST 2001


Hello all. I was wondering if someone can help me to understand the alerts I
am seeing in Snort.

They come every 3 minutes and here is the alert-
11/29-12:48 18.525622 [**] [1:399] <\Device\Packet_> ICMP Destination
Unreachable (Host Unreachable) [**] {ICMP} 157.130.65.122 -> 10.1.0.55

10.1.0.55 is the internal router seperating the my internal network from the
DMZ network. I can't move Snort to the Internal network because it is
switched (switches without SPAN type ports). So, I can't find out what
machine on the inside is receiving these.

I ran a WHOIS on the address-

157.130.0.0 - 157.130.255.255

UUNET Technologies, Inc.
3060 Williams Drive
Fairfax, VA 22031
US

So, why is UUNET pinging me every 3 minutes?

Can anybody help with this?

Thanks in advance.





More information about the Snort-users mailing list