[Snort-users] ICMP Source Quench
Chris.Keladis at ...6400...
Wed Aug 28 17:23:15 EDT 2002
Ofir Arkin wrote:
> With the next example an HP Open View system, based on HPUX B.11.0 operating system is probing the
> 172.18.2.x network in order to discover the network topology. Since this operation was done without
> any rate limiting of the sending of packets, at a certain point the HPUX machine has reached the point
> it is no longer able to process some incoming packets. Here is one of the ICMP Source Quench error
> messages it sent:
Just to add some additional information w.r.t HP/UX.
HP/UX prior to 11.x has a bug (it's documented in itrc somewhere) where
due to some design issue (i forgot the details off the top of my head)
caused it to generate quite a number of ICMP Source Quench's.
I remember Snort going nuts reporting Source Quench's, before i got our
guys to install the patches, and i've hardly seen one since.
There are patches for all supported versions of HP/UX, and i beleive
this is fixed in HP/UX 11.x (i vaguely remember it had something do with
the streams driver).
Email me privately and i can dig up specifics if required..
More information about the Snort-users