[Snort-users] Newbie "what does this mean" question

Ian Hunter ihunter at ...384...
Fri Oct 18 12:27:11 EDT 2002


Why would/how could my ISP's router know anything about my internal network
(dest IP = 192.168.1.20) behind a firewall doing NAT/masquerade?

----- Original Message -----
From: "Alberto Gonzalez" <ag-snort at ...7149...>
To: "Ian Hunter" <ihunter at ...384...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Friday, October 18, 2002 6:10 PM
Subject: Re: [Snort-users] Newbie "what does this mean" question


> First, IMHO you should upgrade your snort distribution. (e.g. 1.9.0
> http://www.snort.org/dl/snort-1.9.0.tar.gz)
> Actually it's pretty self-explanatory what this is, ICMP _destination
> unreachable_. A lot of things could cause this.
> I usually get these messages from my ISP's router.
>
>
> Ian Hunter wrote:
>
> >I'm running snort-1.8.4-3 on SuSE 8.0, and I'm getting TONS of messages
> >that look like:
> >
> >Oct 18 14:38:19 lucy snort: [1:485:2] ICMP Destination Unreachable
> >(Communication Administratively Prohibited) [Classification: Misc activity]
> >[Priority: 3]: {ICMP} 130.59.33.17 -> 192.168.1.20
> >
> >The FAQ says ignore it unless there are lots, and if there are lots,
> >figure out where they're coming from. ???
> >
> >What causes this?
> >
> >Thanks!
> >
> >
> >
> >
>
> --
> The secret to success is to start from scratch and keep on scratching.
>
>
>
>
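
The FAQ advice quoted in the thread is to figure out where the alerts are coming from when there are lots of them; the script below tallies them per source/destination pair. It is an added example, not part of the original thread or of Snort. It assumes alerts reach syslog as single lines in the layout shown in the post, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Syslog alert layout as quoted in the thread (assumed to be one line per alert):
# <ts> <host> snort: [gid:sid:rev] <msg> [Classification: ..] [Priority: n]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnort(?:\[\d+\])?:\s"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s(?P<msg>.*?)\s"
    r"\[Classification:\s(?P<cls>[^\]]*)\]\s\[Priority:\s(?P<prio>\d+)\]:\s"
    r"\{(?P<proto>\w+)\}\s(?P<src>\S+)\s->\s(?P<dst>\S+)$"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None for non-Snort lines."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def tally_sources(lines, sid="485"):
    """Count alerts for one rule SID per (source, destination) pair, busiest first."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert and alert["sid"] == sid:
            counts[(alert["src"], alert["dst"])] += 1
    return counts.most_common()

# First line is the alert from the post; the rest are constructed sample data.
SAMPLE = [
    "Oct 18 14:38:19 lucy snort: [1:485:2] ICMP Destination Unreachable "
    "(Communication Administratively Prohibited) [Classification: Misc activity] "
    "[Priority: 3]: {ICMP} 130.59.33.17 -> 192.168.1.20",
    "Oct 18 14:38:25 lucy snort: [1:485:2] ICMP Destination Unreachable "
    "(Communication Administratively Prohibited) [Classification: Misc activity] "
    "[Priority: 3]: {ICMP} 130.59.33.17 -> 192.168.1.20",
    "Oct 18 14:38:40 lucy snort: [1:485:2] ICMP Destination Unreachable "
    "(Communication Administratively Prohibited) [Classification: Misc activity] "
    "[Priority: 3]: {ICMP} 130.59.33.17 -> 192.168.1.20",
    "Oct 18 14:39:02 lucy snort: [1:485:2] ICMP Destination Unreachable "
    "(Communication Administratively Prohibited) [Classification: Misc activity] "
    "[Priority: 3]: {ICMP} 192.0.2.7 -> 192.168.1.20",
    "Oct 18 14:39:10 lucy snort: [1:1000001:1] CONSTRUCTED other rule "
    "[Classification: Misc activity] [Priority: 3]: {ICMP} 198.51.100.9 -> 192.168.1.20",
    "Oct 18 14:40:00 lucy kernel: constructed non-Snort line",
]

if __name__ == "__main__":
    for (src, dst), n in tally_sources(SAMPLE):
        print(f"{n:5d}  {src} -> {dst}")
```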




