tech at ...11974...
Wed Jan 26 10:04:04 EST 2005
>I have Snort running on a Fedora Core 3 server. I see a lot of ICMP
>Destination Unreachable Communication with Destination Host is
>Administratively Prohibited alerts. The problem is it appears that
>my server is the source IP. Is my server running rogue pings? Or is
>it as I suspect that someone has scanned or pinged my server but
>is unable to respond? Thanks in advance.
I came across the same thing when I upgraded to Fedora Core 3. The ICMP
Destination Unreachables for me were down to the Firewall on the Fedora
Core 3 machines. In /etc/sysconfig/iptables are the rules fed to iptables
and in Core 3 the final line is a:-
'-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' if the
firewall is activated. I changed this to a DROP and removed the
--reject-with icmp-host-prohibited and the problem went away.
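An added example, not part of the original post: a small Python audit that reads rules in the /etc/sysconfig/iptables format and reports which REJECT rules make the host itself emit ICMP Destination Unreachable, and with which type/code (icmp-host-prohibited is type 3, code 10, the alert described above). The function name and the sample ruleset are constructed for illustration; the type/code table follows the iptables REJECT target's documented IPv4 options.

```python
import shlex

# ICMP (type, code) emitted for each IPv4 --reject-with option of the REJECT target.
REJECT_ICMP = {
    "icmp-net-unreachable": (3, 0),
    "icmp-host-unreachable": (3, 1),
    "icmp-proto-unreachable": (3, 2),
    "icmp-port-unreachable": (3, 3),   # used when --reject-with is omitted
    "icmp-net-prohibited": (3, 9),
    "icmp-host-prohibited": (3, 10),   # the Fedora Core 3 default rule
    "icmp-admin-prohibited": (3, 13),
}
DEFAULT_REJECT = "icmp-port-unreachable"

# Constructed sample ruleset (not taken from a real host).
SAMPLE_RULES = """\
# Constructed sample in /etc/sysconfig/iptables format
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def find_reject_rules(rules_text):
    """Return (line_no, chain, reject_with, icmp) for every REJECT rule.
    icmp is (type, code), or None for tcp-reset and unrecognised options."""
    findings = []
    for line_no, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith(("-A ", "-I ")):
            continue  # comments, table names, chain policies, COMMIT
        tokens = shlex.split(line)
        target, reject_with = None, DEFAULT_REJECT
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-j", "--jump"):
                target = tokens[i + 1]
            elif tok == "--reject-with":
                reject_with = tokens[i + 1]
        if target == "REJECT":
            findings.append((line_no, tokens[1], reject_with,
                             REJECT_ICMP.get(reject_with)))
    return findings

if __name__ == "__main__":
    for line_no, chain, how, icmp in find_reject_rules(SAMPLE_RULES):
        print(f"line {line_no}: chain {chain} rejects with {how} -> ICMP {icmp}")
```

Any rule it reports will generate outbound ICMP with the server as the source address whenever the rule matches, so those alerts indicate rejected inbound traffic rather than pings originating on the server.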