[Snort-users] snort alert

Sommai Fongnamthip sommai at ...3847...
Tue Oct 16 23:14:09 EDT 2001

	I have been running Snort for a few days. The Snort alert log file contains this message:

	[**] [1:472:1] ICMP redirect host [**]
	[Classification: Potentially Bad Traffic] [Priority: 2]
	10/17-12:57:14.059790 xxx.xxx.xxx.2 -> xxx.xxx.xxx.28
	ICMP TTL:2 TOS:0x0 ID:0 IpLen:20 DgmLen:56
	Type:5  Code:1  REDIRECT
	[Xref => http://www.whitehats.com/info/IDS135]
	[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0265]

	What does it mean? Why does Snort tell us about bad traffic between two IP 
addresses? Does it indicate anything serious about my network configuration?
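
Added example, not part of the original post: a small Python parser for the full-format alert quoted above that extracts the generator:sid:rev triple, the endpoints and the ICMP type/code, decodes the redirect code per RFC 792, and checks whether the sender is a router you expect redirects from. The sample addresses are constructed (RFC 5737 documentation range), and the `gateways` set and the function names are assumptions for illustration.

```python
import re

# RFC 792 code values for ICMP type 5 (Redirect)
REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS and network", 3: "TOS and host"}

HEADER = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]")
PRIORITY = re.compile(r"\[Priority: (\d+)\]")
FLOW = re.compile(r"^[ \t]*\S+ (\S+) -> (\S+)[ \t]*$", re.M)
ICMP = re.compile(r"Type:(\d+)\s+Code:(\d+)")

# Constructed sample: same layout as the alert in the post, with the masked
# addresses replaced by documentation addresses.
SAMPLE = """\
[**] [1:472:1] ICMP redirect host [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
10/17-12:57:14.059790 192.0.2.2 -> 192.0.2.28
ICMP TTL:2 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:5  Code:1  REDIRECT
"""

def parse_alert(text):
    """Return the fields of one full-format alert as a dict."""
    gid, sid, rev, msg = HEADER.search(text).groups()
    src, dst = FLOW.search(text).groups()
    itype, icode = map(int, ICMP.search(text).groups())
    return {"gid": int(gid), "sid": int(sid), "rev": int(rev), "msg": msg,
            "priority": int(PRIORITY.search(text).group(1)),
            "src": src, "dst": dst, "icmp_type": itype, "icmp_code": icode}

def triage(alert, gateways):
    """Classify a redirect by whether its sender is an expected router.

    gateways: set of router addresses the operator considers legitimate
    (hypothetical input; hosts should only honour redirects from their
    current first-hop gateway).
    """
    if alert["icmp_type"] != 5:
        return "not an ICMP redirect"
    kind = REDIRECT_CODES.get(alert["icmp_code"], "unknown code")
    if alert["src"] in gateways:
        return f"redirect ({kind}) from known gateway {alert['src']}: check routing tables"
    return f"redirect ({kind}) from {alert['src']}, not a known gateway: investigate"

if __name__ == "__main__":
    print(triage(parse_alert(SAMPLE), gateways={"192.0.2.2"}))
```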

