On 11/05/2010 15:17, James R. Marcus wrote:
> Hi,
> I run Snort in a PCI environment. I have just rebuilt Snort and I’m in the
> tuning stage.
>
> I have Tomcat 6.0.18 in the PCI environment and it may be initiating ICMP
> traffic to external IPs. Here is the alert:
>
> [1:486:5] ICMP Destination Unreachable Communication with Destination Host is
> Administratively Prohibited [**] [Classification: Misc activity] [Priority:
> 3] {ICMP} 10.10.100.21 -> 134.173.121.59
>
> I have read the summary of the rule at
> http://www.snort.org/search/sid/486?r=1 and understand that "no corrective
> action is necessary" but am curious about this traffic.
>
> Could Tomcat be generating ICMP traffic to an IP accessing the server?
>
> Is this some kind of keep alive?

Please start a new message next time, rather than replying to & editing an
existing message. (Which is called thread hijacking).

p

> Thanks,
> James
