Need Explanation about SNORT logs

Posted on 2007-10-01
Last Modified: 2013-11-29
Hi All, I have the following entries in my SNORT log and I would like to know a little bit more about them.

09/30-01:26:19.457778  [**] [1:487:4] ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} -> MyIP

09/30-18:45:06.495102  [**] [122:3:0] (portscan) TCP Portsweep [**] {PROTO255} -> MyIP

And another thing I would like to know about SNORT is if its only job is to detect and report attacks?

    Expert Comment


    The first message would be seen if a router upstream has filtering rules in place that don't allow traffic to or from. Or someone is faking those messages and seeing how your TCP stack responds, maybe as part of a scan.

    Try firing up ethereal and then pinging the IP and see if the action generates more of those messages :
    More about those codes:

    The second message sounds like a port scan; you'll see many of these if your machine is directly connected to the internet and not behind a NATing firewall.

    Hope that helps,

    Accepted Solution


    Snort is a versatile, lightweight and very useful intrusion detection system

    - Snort as a straight packet sniffer like tcpdump.
    - Snort as a packet logger. Useful for network traffic debugging etc.
    - Snort as a full blown network intrusion detection system.
