[Snort-users] snort alert
sommai at ...3847...
Tue Oct 16 23:14:09 EDT 2001
I have been run snort for a few days. In snort alert log file contain this msg
[**] [1:472:1] ICMP redirect host [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
10/17-12:57:14.059790 xxx.xxx.xxx.2 -> xxx.xxx.xxx.28
ICMP TTL:2 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:5 Code:1 REDIRECT
[Xref => http://www.whitehats.com/info/IDS135]
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0265]
What does it mean? why snort tell us to know bad traffic between 2 IP
Address? did it have any serious about my network configuration?
More information about the Snort-users