[Snort-users] Newbie: why so many ICMPs?
ijbert at ...3027...
Wed Jul 7 19:51:07 EDT 2004
I spent yesterday loading Fedora 2, snort and ACID. I have everything
working like I think it's supposed to. When I log into my ACID page, I
see literally hundreds of "ICMP Destination Unreachable Communication
with Destination Host is Administratively Prohibited" messages. The
source address is my IP, the destination address varies. These messages
are 90% of what I am seeing in ACID.

I can see these entries logged if I try to ftp to my machine, having
ftp off. My thought is that the service is denied, the ICMP is
generated, and my router is interfering. I have a Netgear ADSL Firewall
Router DG834. I have turned off NAT and added firewall holes to allow
all traffic inbound and output.

Is this a reasonable assumption? I could buy a new ADSL modem. Barring
that, could I turn these responses off, since they aren't getting past
my modem/router? Or is that something I shouldn't do?