[Snort-users] ICMP Destination Unreachable

Francesca Milanini francesca.milanini at ...6264...
Wed Jul 17 07:19:05 EDT 2002


Hello! I need your help. Could you replay to this address if you'll
replay today or to fra.mila at ...3033... il you'll replay tomorrow?
I used Snort; but I don't understand why I found only messages like
these:

ICMP Destination Unreachable (Communication with Destintation Host in
Administratively Prohibited)
from an external IP to an IP of my home-net

ICMP Destination Unreachable (Communication Administratively Prohibited)
from an IP of my home-net to an IP of my home-net or
from an IP of my home-net to an external IP

The rule is in "icmp.rules" and it's:
alert icmp any any -> any any (msg:"ICMP Destination
Unreachable(Communication Administratively Prohibited)".......)

why they put "any any -> any any" ?

are these messages important? what would you say about them?
is it possible I find ONLY these messages (an "alert" in /var/log/snort/
of 2 GB in 24 hours with ONLY messages like these)?

Thanks, Francesca





More information about the Snort-users mailing list