RE: [Snort-sigs] more on logs

From: L. Christopher Luther <CLuther(at)Xybernaut.com>
Date: Fri Apr 25 2003 - 11:39:04 EDT

There is nothing special about the "Administratively Prohibited" message. It's a basic Snort message indicating that some host generated an ICMP Destination Unreachable packet and Snort is indicating that this type of packet is "prohibited" by the "administrator".

Look in icmp.rules for more details.

• Christopher

-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine@kingcountyjournal.com] Sent: Thursday, April 24, 2003 6:52 PM
To: 'snort-sigs@lists.sourceforge.net'
Subject: [Snort-sigs] more on logs

What does Administratively prohibited mean? Is there a place where these can be looked up?

--Bryan

[**] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
04/24-15:51:52.852197 134.95.110.65 -> 64.1.201.130 ICMP TTL:236 TOS:0x0 ID:16616 IpLen:20 DgmLen:56 Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
64.1.201.130:37071 -> 134.95.93.169:19525 TCP TTL:45 TOS:0x0 ID:44992 IpLen:20 DgmLen:60 DF Seq: 0x31EA1DE5 Ack: 0x886AA83E
** END OF DUMP

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

---

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

---

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

---

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

---

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Fri Apr 25 12:18:44 2003