tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: snort detecting ICMP traffic, tomcat?
Date Tue, 11 May 2010 14:53:43 GMT
On 11/05/2010 15:17, James R. Marcus wrote:
> Hi,
> I run Snort in a PCI environment. I have just rebuilt Snort and I’m in the tuning stage.
> 
> I have Tomcat 6.0.18 in the PCI environment and it may be initiating ICMP traffic to
external IPs. Here is the alert:
> 
> [1:486:5] ICMP Destination Unreachable Communication with Destination Host is Administratively
Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.10.100.21 -> 134.173.121.59
> 
> I have read the summary of the rule at http://www.snort.org/search/sid/486?r=1 and understand
that "no corrective action is necessary" but am curious about this traffic.
> 
> Could Tomcat be generating ICMP traffic to an IP accessing the server?
> 
> Is this some kind of keep alive?

Please start a new message next time, rather than replying to & editing
an existing message.  (Which is called thread hijacking).


p

> Thanks,
> James
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 



Mime
View raw message