  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 314

Need Explanation about SNORT logs

Hi all, I have the following entries in my SNORT log and I would like to know a little bit more about them.

A-
09/30-01:26:19.457778  [**] [1:487:4] ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 69.19.217.22 -> MyIP

B-
09/30-18:45:06.495102  [**] [122:3:0] (portscan) TCP Portsweep [**] {PROTO255} 84.36.13.45 -> MyIP


Another thing I would like to know about SNORT is whether its only job is to detect and report attacks?
0
http:// thevpn.guru
1 Solution
 
kgilchrist Commented:
Hi,

The first message would be seen if a router upstream has filtering rules in place that don't allow traffic to or from 69.19.217.22. Or someone is faking those messages and seeing how your TCP stack responds, maybe as part of a scan.

Try firing up Ethereal and then pinging the IP and see if the action generates more of those messages.
More about those codes:
http://www.freesoft.org/CIE/RFC/1812/105.htm

The second message sounds like a port scan; you'll see many of these if your machine is directly connected to the internet and not behind a NATing firewall.

Hope that helps,
Kevin
0
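As an added example (not part of the original thread and not code from the Snort project), this Python sketch parses alert lines in the format quoted in the question, including entries like B that carry no Classification or Priority field, and counts alerts per source and rule. The `GENERATORS` labels and the address `192.0.2.10` standing in for `MyIP` are assumptions made for the illustration.

```python
import re
from collections import Counter

# One alert line: timestamp, [**] [gid:sid:rev] message [**], optional
# [Classification: ...] and [Priority: n], {PROTO}, then "src -> dst".
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]+)\]\s+)?"
    r"(?:\[Priority:\s*(?P<priority>\d+)\]\s+)?"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Labels for the two generator IDs seen in the question (assumed, not a full list).
GENERATORS = {1: "text rule", 122: "portscan preprocessor"}

def parse_alert(line):
    """Return the fields of one alert line as a dict, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev"):
        rec[key] = int(rec[key])
    # Preprocessor alerts such as entry B may omit the priority field.
    rec["priority"] = int(rec["priority"]) if rec["priority"] else None
    rec["generator"] = GENERATORS.get(rec["gid"], "unknown")
    return rec

def summarize(lines):
    """Count alerts per (source, gid, sid) so repeat senders stand out."""
    counts = Counter()
    for line in lines:
        rec = parse_alert(line)
        if rec:
            counts[(rec["src"], rec["gid"], rec["sid"])] += 1
    return counts

# Entries A and B from the question; "MyIP" replaced by a constructed address.
SAMPLE = [
    "09/30-01:26:19.457778  [**] [1:487:4] ICMP Destination Unreachable "
    "Communication with Destination Network is Administratively Prohibited [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 69.19.217.22 -> 192.0.2.10",
    "09/30-18:45:06.495102  [**] [122:3:0] (portscan) TCP Portsweep [**] "
    "{PROTO255} 84.36.13.45 -> 192.0.2.10",
]

if __name__ == "__main__":
    for (src, gid, sid), n in summarize(SAMPLE).items():
        print(f"{src} gid={gid} sid={sid} count={n}")
```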
 
ssvl Commented:

Snort is a versatile, lightweight and very useful intrusion detection system.


- Snort as a straight packet sniffer like tcpdump.
- Snort as a packet logger. Useful for network traffic debugging etc.
- Snort as a full-blown network intrusion detection system.


http://antionline.com/archive/index.php/t-243972.html

http://www.snort.org/archive-1-662.html
0
