[Snort-users] Snort ICMP # 485

Timm Schneider timm at ...9742...
Mon Nov 24 01:54:03 EST 2003


Hi all,

in my Alerts File there is often the entry #485 d.h. ICMP 
Administrative Prohibited.
On the Snort site i have read what is about #485.
Now i have a question what exactly mean this.


11/22-05:59:19.952942       57.72.1.170 ->  195.143.234.178
 Date-Hour           ???                                                my IP          

Packet Filtered

Original Datagram Dump

195.143.234.178 -> 57.72.7.62


Why are the IP's not identical ?
What means that?

Snort becomes tho know the real Spoofing Address?


Thanks in advance.



Timm Schneider
-------------------
Musik-digital-Markt
Siegesstr.22a
80802 München
Voice: 089/ 51997011
Fax: 089/ 51997012
www.mdmarkt.de
HD-Recording
Netzwerktechnik
Studiotechnik
Unsere Mails werden mit Kaspersky AVP Virenscan geprüft.





More information about the Snort-users mailing list