[Snort-users] ICMP REDIRECT HOST

Dirk Geschke Dirk at ...10648...
Sat Nov 29 04:43:03 EST 2003


Hi Paulius,

> Hmmz what is wrong here i get a lot of messages like this:
> 
> [**] ICMP redirect host [**]
> 11/28-04:42:15.156908 GATEWAY_IP -> MY_IP
> ICMP TTL:255 TOS:0xC0 ID:8567 IpLen:20 DgmLen:88
> Type:5  Code:1  REDIRECT HOST NEW GW: NEW_GATEWAY_ADDRESS
> ** ORIGINAL DATAGRAM DUMP:
> MY_IP:80 -> IP_QUERYING_SERVER:1370
> TCP TTL:64 TOS:0x0 ID:62447 IpLen:20 DgmLen:60 DF
> ***A**S* Seq: 0x4882360D  Ack: 0x85F021AF  Win: 0xE000  TcpLen: 40
> ** END OF DUMP
> 
> How to solve this, to not receive thousands messages like this? 
> And this is problem in my server or in my router?

without knowledge of your network it is a little bit difficult.

But I think your server has a wrong routing entry to IP_QUERYING SERVER.

So probably the server sends all traffic to your GATEWAY_IP. This
gateway informs your server about the wrong route.

So simply check your routing table.

Best regards

Dirk





More information about the Snort-users mailing list