[Snort-users] Newbie: why so many ICMPs?

John Bertagnolli ijbert at ...3027...
Wed Jul 7 19:51:07 EDT 2004


Greetings -

I spent yesterday loading Fedora 2, snort and ACID. I have everything 
working like I think it's supposed to. When I log into my ACID page, I 
see literally hundreds of "ICMP Destination Unreachable Communication 
with Destination Host is Administratively Prohibited" messages. The 
source address is my IP, the destination address varies. These messages 
are 90% of what I am seeing in ACID.

I can see these entries logged if I try to ftp to my machine, having 
ftp off. My thought is that the service is denied, the ICMP is 
generated, and my router is interfering. I have a Netgear ADSL Firewall 
Router DG834. I have turned off NAT and added firewall holes to allow 
all traffic inbound and output.

Is this a reasonable assumption? I could buy a new ADSL modem. Barring 
that, could I turn these responses off, since they aren't getting past 
my modem/router? Or is that something I shouldn't do?

Thanks,
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 999 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040707/807da823/attachment.bin>


More information about the Snort-users mailing list