[Snort-users] ICMP REDIRECT HOST

Paulius stakys at ...10650...
Sat Nov 29 05:14:01 EST 2003


Hmmz, the fact is that IP_QUERYING_SERVER is a random IP which connects to the server or sends a query for it. Hmmz, maybe the problem is with my router: the provider told me to use GATEWAY_IP as my gateway, but it redirects to another IP, NEW_GATEWAY_ADDRESS. Maybe if I use that new gateway's IP, it will stop those messages? But in that case I think I won't have an internet connection on my server anymore?

On 29 Nov 2003 13:42:47 +0100
Dirk Geschke <Dirk at ...10648...> wrote:

> Hi Paulius,
> 
> > Hmmz, what is wrong here? I get a lot of messages like this:
> > 
> > [**] ICMP redirect host [**]
> > 11/28-04:42:15.156908 GATEWAY_IP -> MY_IP
> > ICMP TTL:255 TOS:0xC0 ID:8567 IpLen:20 DgmLen:88
> > Type:5  Code:1  REDIRECT HOST NEW GW: NEW_GATEWAY_ADDRESS
> > ** ORIGINAL DATAGRAM DUMP:
> > MY_IP:80 -> IP_QUERYING_SERVER:1370
> > TCP TTL:64 TOS:0x0 ID:62447 IpLen:20 DgmLen:60 DF
> > ***A**S* Seq: 0x4882360D  Ack: 0x85F021AF  Win: 0xE000  TcpLen: 40
> > ** END OF DUMP
> > 
> > How to solve this, to not receive thousands of messages like this?
> > And is this a problem in my server or in my router?
> 
> Without knowledge of your network it is a little bit difficult.
> 
> But I think your server has a wrong routing entry to IP_QUERYING_SERVER.
> 
> So probably the server sends all traffic to your GATEWAY_IP. This
> gateway informs your server about the wrong route.
> 
> So simply check your routing table.
> 
> Best regards
> 
> Dirk
> 
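
Added example, not part of the original messages: a small Python triage script that groups alerts in the layout quoted above by redirecting router and advertised new gateway, lists the destinations whose route triggered them, and marks whether the new gateway is on the host's own subnet (RFC 1122 says a host should discard a redirect whose new gateway is off-link). The addresses are constructed documentation-range placeholders, and the local prefix passed to `summarize` is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the alert layout quoted above; addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE = """\
[**] ICMP redirect host [**]
11/28-04:42:15.156908 192.0.2.1 -> 192.0.2.10
ICMP TTL:255 TOS:0xC0 ID:8567 IpLen:20 DgmLen:88
Type:5  Code:1  REDIRECT HOST NEW GW: 192.0.2.254
** ORIGINAL DATAGRAM DUMP:
192.0.2.10:80 -> 198.51.100.7:1370
TCP TTL:64 TOS:0x0 ID:62447 IpLen:20 DgmLen:60 DF
** END OF DUMP
[**] ICMP redirect host [**]
11/28-04:42:16.201113 192.0.2.1 -> 192.0.2.10
ICMP TTL:255 TOS:0xC0 ID:8568 IpLen:20 DgmLen:88
Type:5  Code:1  REDIRECT HOST NEW GW: 203.0.113.9
** ORIGINAL DATAGRAM DUMP:
192.0.2.10:80 -> 198.51.100.8:2201
TCP TTL:64 TOS:0x0 ID:62448 IpLen:20 DgmLen:60 DF
** END OF DUMP
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
HDR = re.compile(r"^\S+ " + IP + r" -> " + IP + r"$", re.M)      # timestamp line
NEW_GW = re.compile(r"REDIRECT HOST NEW GW: " + IP)
ORIG = re.compile(r"^" + IP + r":\d+ -> " + IP + r":\d+$", re.M)  # embedded datagram

def summarize(text, local_net):
    """Group redirects by (sender, new gateway); flag off-link new gateways."""
    net = ipaddress.ip_network(local_net)  # assumption: the host's own subnet
    groups = defaultdict(lambda: {"count": 0, "dests": set(), "on_link": None})
    for alert in text.split("[**] ICMP redirect host [**]")[1:]:
        hdr, gw, orig = HDR.search(alert), NEW_GW.search(alert), ORIG.search(alert)
        if not (hdr and gw):
            continue  # truncated or unrelated alert
        g = groups[(hdr.group(1), gw.group(1))]
        g["count"] += 1
        g["on_link"] = ipaddress.ip_address(gw.group(1)) in net
        if orig:
            g["dests"].add(orig.group(2))  # destination the host routed via sender
    return dict(groups)

if __name__ == "__main__":
    for (sender, gw), g in summarize(SAMPLE, "192.0.2.0/24").items():
        print(sender, "->", gw, g["count"], sorted(g["dests"]),
              "on-link" if g["on_link"] else "OFF-LINK")
```

Many alerts from the configured gateway pointing at one on-link new gateway fit the routing-table explanation given in the reply; an off-link new gateway, or a sender that is not the host's configured gateway, is worth a closer look.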



