[Snort-users] Alert ICMP Redirect

Daniel Rune Jensen soehest at ...3476...
Tue Sep 18 04:26:07 EDT 2001


Hi there :)
I'm getting this error a lot in /var/log/messages when snort is running:

Sep 17 09:46:52 vandet snort[11637]: [1:473:1] ICMP redirect net
[Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP}
172.16.1.254 -> 195.215.170.15
Sep 16 16:27:43 vandet last message repeated 39 times
Sep 16 16:28:44 vandet last message repeated 41 times

i guess there is nothing harmfull in the traffic, it happens whan a guy on
the local network is connected to my ftp. We are about 3000 people who is
connected to the internet via cable modems, and the redirect
probably happens to save the "real" internet bandwidth when doing
transfers inside the net.

But how can i get rid of the errors without disabling icmp redirects
entirely, i only want to ignore those from 172.16.1.254 ?

Regards
Daniel Jensen





More information about the Snort-users mailing list