
Need Explanation about SNORT logs

Hi All, I have the following entries in my SNORT log and I would like to know a little bit more about them.

09/30-01:26:19.457778  [**] [1:487:4] ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} -> MyIP

09/30-18:45:06.495102  [**] [122:3:0] (portscan) TCP Portsweep [**] {PROTO255} -> MyIP

And another thing I would like to know about SNORT is if its only job is to detect and report attacks?
1 Solution

The first message would be seen if a router upstream has filtering rules in place that don't allow traffic to or from Or someone is faking those messages and seeing how your TCP stack responds, maybe as part of a scan.

Try firing up Ethereal and then pinging the IP and see if the action generates more of those messages:
More about those codes:

The second message sounds like a port scan; you'll see many of these if your machine is directly connected to the internet and not behind a NATing firewall.

Hope that helps,

Snort is a versatile, lightweight and very useful intrusion detection system

- Snort as a straight packet sniffer like tcpdump.
- Snort as a packet logger. Useful for network traffic debugging etc.
- Snort as a full blown network intrusion detection system.
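
As an added example (not part of the original thread and not Snort's own code), this Python sketch parses alert lines in the format shown in the question and counts them by generator and signature ID, which separates rule hits such as 1:487 from portscan preprocessor alerts such as 122:3. The sample lines, the documentation-range addresses and the generator labels are assumptions made for the example.

```python
import re
from collections import Counter

# Snort "fast" alert layout: timestamp [**] [gid:sid:rev] message [**]
# optional [Classification]/[Priority], {protocol}, then "src -> dst".
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<classification>[^\]]+)\])?"
    r"(?:\s+\[Priority:\s*(?P<priority>\d+)\])?"
    r"\s+\{(?P<proto>[^}]+)\}\s+(?:(?P<src>\S+)\s+)?->\s+(?P<dst>\S+)\s*$"
)

# Labels (this example's own) for the generator IDs seen on this page;
# any other generator is reported by number.
GENERATORS = {1: "text rule", 122: "portscan preprocessor"}

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line does not match."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev"):
        alert[key] = int(alert[key])
    if alert["priority"] is not None:
        alert["priority"] = int(alert["priority"])
    alert["generator"] = GENERATORS.get(alert["gid"], f"generator {alert['gid']}")
    return alert

def summarize(lines):
    """Count alerts per (generator, gid:sid, message), skipping unparsable lines."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert:
            counts[(alert["generator"], f"{alert['gid']}:{alert['sid']}", alert["msg"])] += 1
    return counts

# Constructed sample lines modelled on the two entries in the question;
# the addresses are documentation-range placeholders, not values from the page.
SAMPLE = [
    "09/30-01:26:19.457778  [**] [1:487:4] ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.1 -> 198.51.100.7",
    "09/30-18:45:06.495102  [**] [122:3:0] (portscan) TCP Portsweep [**] {PROTO255} 203.0.113.9 -> 198.51.100.7",
    "09/30-18:45:07.000001  [**] [122:3:0] (portscan) TCP Portsweep [**] {PROTO255} -> MyIP",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

The portscan lines carry no classification or priority field, so the parser treats both as optional, and it accepts a missing source address as in the scrubbed lines quoted in the question.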


