[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-users
Subject:    [Snort-users] Blocklist Problem
From:       Jim Campbell <jim () w4bqp ! net>
Date:       2021-07-26 19:54:02
Message-ID: 833fa484-7ce1-59f1-a2de-57335cc8b47a () w4bqp ! net
[Download RAW message or body]

I'm running Snort 3.1.4.0 as an IPS. For about the last week I've been 
getting several thousand messages daily for gid 116, sid 441 and gid 
116, sid 442.

gid 116, sid 441: (icmp4) ICMP destination unreachable communication 
administratively prohibited
gid 116, sid 442: (icmp4) ICMP destination unreachable communication 
with destination host is administratively prohibited

The messages are all coming from the wide area network to my local network.

I've checked a number of the source addresses against 
/usr/local/etc/lists/default.blocklist and don't get a match.

An example is 91.7.243.3 - Deutsche Telecom.
Another is 65.78.131.240 - Consolidated Communication

Any help with solving this would be much appreciated.

Jim
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

	To unsubscribe, send an email to:
	snort-users-leave@lists.snort.org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
[prev in list] [next in list] [prev in thread] [next in thread]