Hi. From network departament I have been noticed that my Qmail-ldap
servers are trying to send ICMP request to Internet mail servers.
Dumping on one of them:
[EMAIL PROTECTED]:/root> tcpdump -i eth1 |grep
icmp
tcpdump: listening on eth1
12:16:03.100137 192.168.204.150 > mxa.mail.ukl.yahoo.com:
icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
12:16:39.888951 192.168.204.150 > mxa.mail.ukl.yahoo.com:
icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
12:17:07.106519 192.168.204.150 > mxa.mail.ukl.yahoo.com:
icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
12:17:43.890120 192.168.204.150 > mxa.mail.ukl.yahoo.com:
icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
12:18:11.100234 192.168.204.150 > mxa.mail.ukl.yahoo.com:
icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
12:18:47.891328 192.168.204.150 > mxa.mail.ukl.yahoo.com:
icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
12:19:15.105347 192.168.204.150 > mxa.mail.ukl.yahoo.com:
icmp: host 192.168.204.150 unreachable - admin prohibited [tos 0xc0]
I would like to know if there is any way to avoid the ICMP request from
Qmail. ICMP packages are not allowed in my network and its generating a
lot of Snort alerts on IDS servers. Thanks.
Javier Sianes
|
