[Snort-users] ICMP Destination Unreachable
francesca.milanini at ...6264...
Wed Jul 17 07:19:05 EDT 2002
Hello! I need your help. Could you replay to this address if you'll
replay today or to fra.mila at ...3033... il you'll replay tomorrow?
I used Snort; but I don't understand why I found only messages like
ICMP Destination Unreachable (Communication with Destintation Host in
from an external IP to an IP of my home-net
ICMP Destination Unreachable (Communication Administratively Prohibited)
from an IP of my home-net to an IP of my home-net or
from an IP of my home-net to an external IP
The rule is in "icmp.rules" and it's:
alert icmp any any -> any any (msg:"ICMP Destination
Unreachable(Communication Administratively Prohibited)".......)
why they put "any any -> any any" ?
are these messages important? what would you say about them?
is it possible I find ONLY these messages (an "alert" in /var/log/snort/
of 2 GB in 24 hours with ONLY messages like these)?
More information about the Snort-users