[Snort-users] ICMP REDIRECT HOST
stakys at ...10650...
Sat Nov 29 05:14:01 EST 2003
Hmmz the fact is that the IP_QUERYING_SERVER is the random ip which connects to the server or sends a query for it. Hmmz mayby the problem is with my router that the provider said me to use GATEWAY_IP as my gateway but redirects it to the another ip NEW_GATEWAY_ADDRESS, mayby if i'll use that new gateways ip, it will stop that messages? But in that case i think i wont have the internet connection in my server anymore?
On 29 Nov 2003 13:42:47 +0100
Dirk Geschke <Dirk at ...10648...> wrote:
> Hi Paulius,
> > Hmmz what is wrong here i get a lot of messages like this:
> > [**] ICMP redirect host [**]
> > 11/28-04:42:15.156908 GATEWAY_IP -> MY_IP
> > ICMP TTL:255 TOS:0xC0 ID:8567 IpLen:20 DgmLen:88
> > Type:5 Code:1 REDIRECT HOST NEW GW: NEW_GATEWAY_ADDRESS
> > ** ORIGINAL DATAGRAM DUMP:
> > MY_IP:80 -> IP_QUERYING_SERVER:1370
> > TCP TTL:64 TOS:0x0 ID:62447 IpLen:20 DgmLen:60 DF
> > ***A**S* Seq: 0x4882360D Ack: 0x85F021AF Win: 0xE000 TcpLen: 40
> > ** END OF DUMP
> > How to solve this, to not receive thousands messages like this?
> > And this is problem in my server or in my router?
> without knowledge of your network it is a little bit difficult.
> But I think your server has a wrong routing entry to IP_QUERYING SERVER.
> So probably the server sends all traffic to your GATEWAY_IP. This
> gateway informs your server about the wrong route.
> So simply check your routing table.
> Best regards
More information about the Snort-users