On 11/05/2010 15:17, James R. Marcus wrote:
> Hi,
> I run Snort in a PCI environment. I have just rebuilt Snort and I'm in the tuning stage.
>
> I have Tomcat 6.0.18 in the PCI environment and it may be initiating ICMP traffic to external IPs. Here is the alert:
>
> [1:486:5] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.10.100.21 -> 134.173.121.59
>
> I have read the summary of the rule at http://www.snort.org/search/sid/486?r=1 and understand that "no corrective action is necessary" but am curious about this traffic.
>
> Could Tomcat be generating ICMP traffic to an IP accessing the server?
>
> Is this some kind of keep alive?
Please start a new message next time, rather than replying to & editing
an existing message. (Which is called thread hijacking).
p
> Thanks,
> James