[Snort-users] ICMP REDIRECT HOST
Dirk at ...10648...
Sat Nov 29 04:43:03 EST 2003
> Hmmz, what is wrong here? I get a lot of messages like this:
> [**] ICMP redirect host [**]
> 11/28-04:42:15.156908 GATEWAY_IP -> MY_IP
> ICMP TTL:255 TOS:0xC0 ID:8567 IpLen:20 DgmLen:88
> Type:5 Code:1 REDIRECT HOST NEW GW: NEW_GATEWAY_ADDRESS
> ** ORIGINAL DATAGRAM DUMP:
> MY_IP:80 -> IP_QUERYING_SERVER:1370
> TCP TTL:64 TOS:0x0 ID:62447 IpLen:20 DgmLen:60 DF
> ***A**S* Seq: 0x4882360D Ack: 0x85F021AF Win: 0xE000 TcpLen: 40
> ** END OF DUMP
> How do I solve this, so as not to receive thousands of messages like this?
> And is this a problem in my server or in my router?

Without knowledge of your network it is a little bit difficult.
But I think your server has a wrong routing entry to IP_QUERYING_SERVER.
So probably the server sends all traffic to your GATEWAY_IP. This
gateway informs your server about the wrong route.
So simply check your routing table.
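
To find which routing-table entry to check, the redirect alerts can be tallied by sending gateway, suggested new gateway and original destination. This is an added example, not part of the original thread. It assumes Snort's full-alert text layout as quoted above with a blank line between alerts, and the addresses are constructed documentation values standing in for the post's placeholders.

```python
import re
from collections import Counter

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
HEADER = re.compile(r"^\S+\s+" + IP + r" -> " + IP + r"\s*$")    # timestamp src -> dst
NEW_GW = re.compile(r"Type:5\s+Code:(\d+).*NEW GW:\s*" + IP)     # ICMP type 5 = redirect
ORIG = re.compile(r"^" + IP + r"(?::\d+)? -> " + IP + r"(?::\d+)?\s*$")

def summarize_redirects(alert_text):
    """Count redirects per (sending gateway, suggested gateway, original destination)."""
    counts = Counter()
    for block in re.split(r"\n\s*\n", alert_text.strip()):
        sender = new_gw = dest = None
        in_dump = False
        for line in block.splitlines():
            if line.startswith("** ORIGINAL DATAGRAM DUMP"):
                in_dump = True
            elif in_dump and dest is None and (m := ORIG.match(line)):
                dest = m.group(2)        # where the host was actually sending
            elif not in_dump and (m := HEADER.match(line)):
                sender = m.group(1)      # gateway that issued the redirect
            elif m := NEW_GW.search(line):
                new_gw = m.group(2)      # next hop the gateway recommends
        if sender and new_gw and dest:   # skip non-redirect or truncated alerts
            counts[(sender, new_gw, dest)] += 1
    return counts

# Constructed alert template modelled on the alert quoted in the post;
# every address filled in below is a made-up documentation address.
TEMPLATE = """[**] ICMP redirect host [**]
11/28-04:42:15.156908 {gw} -> {me}
ICMP TTL:255 TOS:0xC0 ID:8567 IpLen:20 DgmLen:88
Type:5 Code:1  REDIRECT HOST NEW GW: {new_gw}
** ORIGINAL DATAGRAM DUMP:
{me}:80 -> {dst}:1370
TCP TTL:64 TOS:0x0 ID:62447 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x4882360D  Ack: 0x85F021AF  Win: 0xE000  TcpLen: 40
** END OF DUMP
"""

def constructed_sample():
    dests = ["198.51.100.7", "198.51.100.7", "203.0.113.9"]
    return "\n".join(TEMPLATE.format(gw="192.0.2.1", me="192.0.2.10",
                                     new_gw="192.0.2.254", dst=d) for d in dests)

if __name__ == "__main__":
    for (gw, new_gw, dst), n in summarize_redirects(constructed_sample()).most_common():
        print(f"{n:5d}  {gw} says: reach {dst} via {new_gw}")
```

Each destination in the output is one the host currently reaches through the redirecting gateway; those are the routes to compare against the routing table.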