[Snort-users] Alerts of the ICMP relationship with smtp connection?

Paulo listassec at ...131...
Mon Jun 6 12:52:09 EDT 2005


Thanks Frank,

How can I confirm this? The alerts are ICMP type 8.


Thanks for the help again.

--- Frank Knobbe <frank at ...9761...> wrote:

> On Mon, 2005-05-30 at 13:40 -0700, Paulo wrote:
> > I didn't solve this yet. Please, can anyone help me?
> 
> Maybe you didn't get responses because it's not a Snort related issue.
> 
> To answer your question, read up on Path Maximum Transmit Unit (PMTU)
> Discovery by googling it. Here are a couple of links that Google spit
> out right away.
> 
> http://www.netheaven.com/pmtu.html
> which also references
> ftp://ftp.rfc-editor.org/in-notes/rfc1191.txt
> 
> While you are learning about PMTU, please review your firewall rule set
> and make sure you don't block ALL inbound ICMP packets. Please let at
> least type 3 and type 11 ICMP packets through.
> 
> (Hint: The remote mail servers are sending a large ICMP packet in order
> to discover the MTU between them and you. It is harmless traffic.)
> 
> Hope that helps,
> Frank
> 
> 
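
For readers checking alerts like the ones in this thread, the following added example (not part of the original messages) decodes the fields that matter here: ICMP type and code, total IP length, the DF bit, and the next-hop MTU that RFC 1191 places in a type 3 code 4 message. The packets are constructed sample data using documentation addresses, and all function and constant names are illustrative.

```python
import struct

def build_sample(icmp_type, code, rest, payload_len, df=True):
    """Build a constructed IPv4+ICMP packet (sample data, checksums left zero)."""
    icmp = struct.pack("!BBH4s", icmp_type, code, 0, rest) + b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0,
                     0x4000 if df else 0, 64, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 25]))
    return ip + icmp

# Constructed samples: a full-size echo request with DF set, a
# "fragmentation needed" reply advertising MTU 1400, and a time exceeded.
SAMPLE_ECHO = build_sample(8, 0, b"\x00\x01\x00\x01", 1472)
SAMPLE_FRAG_NEEDED = build_sample(3, 4, struct.pack("!HH", 0, 1400), 28, df=False)
SAMPLE_TIME_EXCEEDED = build_sample(11, 0, b"\x00" * 4, 28, df=False)

def describe_icmp(packet):
    """Decode the IPv4/ICMP fields relevant to the PMTU discussion."""
    if len(packet) < 28:
        raise ValueError("too short for IPv4 + ICMP headers")
    ver_ihl, _tos, total_len, _id, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 1 or ihl < 20 or len(packet) < ihl + 8:
        raise ValueError("not an IPv4 ICMP packet")
    icmp_type, code, _csum, rest = struct.unpack("!BBH4s", packet[ihl:ihl + 8])
    info = {
        "type": icmp_type,
        "code": code,
        "ip_len": total_len,
        "df": bool(flags_frag & 0x4000),
        # The quoted reply asks that at least types 3 and 11 be let through.
        "keep_unblocked": icmp_type in (3, 11),
    }
    if icmp_type == 3 and code == 4:
        # RFC 1191: bytes 6-7 of the ICMP header carry the next-hop MTU.
        info["next_hop_mtu"] = struct.unpack("!HH", rest)[1]
    return info

if __name__ == "__main__":
    for pkt in (SAMPLE_ECHO, SAMPLE_FRAG_NEEDED, SAMPLE_TIME_EXCEEDED):
        print(describe_icmp(pkt))
```
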


