Very Computer

I had some problems with the IDS alerts in snort regarding the subject
of this post.

 ICMP Destination Unreachable (Host Unreachable) [**]

Well, it seems to be solved here, and I did solve it like this.

1. go to your adsl/router
2. fill in dns properties from your dhcp dns server the correct dns
domain name of your host.
3. save this configuration.

And you are not longer troubled with the ICMP unreachable host
messages.

It is finally a bit quiet in te logs, and also the spp portscan
activities are gone.

Still I am curious how this exactly works, and if my solution helped
some of you, and if it is a correct solution I have applied???

Because maybe I am introducing a security related flaw, what I don't
like ofcourse, because maybe it was alright that the Snort IDS was
generating these alerts.

Well, I hope some of you will send a reply to me with some
backgrounds, and some advice if neccesary.

Just send a copy to my e-mail address if it helped you, or you have
something to say about this post.

Have a nice day you all!

Wouter Jan Wessels.

karl.

To be more precise, a lot of repeated ICMP Destination Unreachable
(Host Unreachable) [**]

Where solved, but also a lot are not... I discovered...

So sorry for this.

I am still in search for a good method of not getting an alert from
those ICMP messages, but I would like to log them instead of being
notified.

Do you have a answer for this?

Thanks a lot in advance,

Wouter.

see if these ICMPs are from the same place or it's going to the same
place and what code the it has.  If you use somethiung like ethereal it
should be fairly easy to find out.

karl.