[Snort-users] whats the meaning

Fyodor fygrave at ...121...
Wed Oct 17 07:25:21 EDT 2001


On Wed, Oct 17, 2001 at 07:47:14AM -0400, Greg Sarsons wrote:
> Just did a search and didn't see what I want so I'm asking
> 
> I've got snort logging on a nic that doesn't have an IP address.  This
> am I just check syslog and saw a 5 or six entries from snort saying ICMP
> Unreachable IP short Header ( 1 bytes)
> 

Very likely icmp unreach packet with corrupted fields. (not enough data
of original datagram or something). Some 'broken' ip stacks could
generate such. (read Ofir's paper for more details).




More information about the Snort-users mailing list