Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 1360 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Could you tell me what trigger snort

narna4ever
Is - in a common easy way [:)] 

And could you in that same reply tell me if something about this? 

2014:05:14-23:29:45 luna-1 ulogd[5334]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth4" srcmac="0:50:56:b9:3b:7f" dstmac="0:1a:8c:f0:25:84" srcip="172.24.2.153" dstip="172.24.0.36" proto="1" length="44" tos="0x00" prec="0x00" ttl="255" type="8" code="0"

Could this be an issue of slow network? 

Regards


This thread was automatically locked due to age.
Parents
  • 0
    I'm not suggesting the log lines are the problem but that the log lines indicate the system is detecting "too many" (based on configured values) ICMP packets from a particular source or to a particular destination per second.  A high volume of ICMP packets per second may be the cause (primary or contributing) or a symptom of your slow network performance.

    Disabling ICMP Flood protection didn't stop those log lines?

    172.24.2.153 and 172.24.0.36 are both on your networks?  Have you looked at those systems or the traffic (ICMP and otherwise) between them and the path through your network from host to host?
Reply
  • 0
    I'm not suggesting the log lines are the problem but that the log lines indicate the system is detecting "too many" (based on configured values) ICMP packets from a particular source or to a particular destination per second.  A high volume of ICMP packets per second may be the cause (primary or contributing) or a symptom of your slow network performance.

    Disabling ICMP Flood protection didn't stop those log lines?

    172.24.2.153 and 172.24.0.36 are both on your networks?  Have you looked at those systems or the traffic (ICMP and otherwise) between them and the path through your network from host to host?
Children
No Data