[Snort-users] ICMP Time-To-Live Exceeded in Transit

Erwin Van de Velde erwin.vandevelde at ...10361...
Sat Dec 20 15:43:02 EST 2003


Hi,

I'm seeing quite a lot of these alerts with snort 2.1.0.

My network: 2 computers: 1 connected to cable modem, the other connected to 
the first one (ethernet) and the first uses masquerading for connections 
from my local network (the second computer thus) to the internet.
Snort monitors both network interfaces on the first computer.

51% of all my alerts are ICMP Time-To-Live Exceeded in Transit. In comparison, 
I get 38% Cyberkit 2.0 pings (Welchia & co :-) ).

What's the explanation for this? And can I get rid of those alerts by tuning 
snort?

tnx in adv,
Erwin




