The below is from Snort running on 192.168.1.200 and talking to
192.168.1.1 (Linux firewall/router). Any ideas as to what could be
causing this? I even tried turning off all internal iptables. Nothing
improved.
BAD TRAFFIC & MISC Large UDP Packet
[**] [1:1322:4] BAD TRAFFIC bad frag bits [**]
[Classification: Misc activity] [Priority: 3]
11/13-02:01:48.780376 192.168.1.200 -> 192.168.1.1
UDP TTL:64 TOS:0x0 ID:2721 IpLen:20 DgmLen:1500 DF MF
Frag Offset: 0x0 Frag Size: 0x5C8
[**] [1:1322:4] BAD TRAFFIC bad frag bits [**]
[Classification: Misc activity] [Priority: 3]
11/13-02:02:05.328939 192.168.1.200 -> 192.168.1.1
UDP TTL:64 TOS:0x0 ID:2722 IpLen:20 DgmLen:1500 DF MF
Frag Offset: 0x0 Frag Size: 0x5C8
[**] [1:1322:4] BAD TRAFFIC bad frag bits [**]
[Classification: Misc activity] [Priority: 3]
11/13-02:02:51.626293 192.168.1.200 -> 192.168.1.1
UDP TTL:64 TOS:0x0 ID:2723 IpLen:20 DgmLen:1500 DF MF
Frag Offset: 0x0 Frag Size: 0x5C8
[**] [1:1322:4] BAD TRAFFIC bad frag bits [**]
[Classification: Misc activity] [Priority: 3]
11/13-02:02:51.782650 192.168.1.200 -> 192.168.1.1
UDP TTL:64 TOS:0x0 ID:2724 IpLen:20 DgmLen:1500 DF MF
Frag Offset: 0x2E4 Frag Size: 0x5C8
[**] [1:1322:4] BAD TRAFFIC bad frag bits [**]
[Classification: Misc activity] [Priority: 3]
11/13-02:02:51.782684 192.168.1.200 -> 192.168.1.1
UDP TTL:64 TOS:0x0 ID:2724 IpLen:20 DgmLen:1500 DF MF
Frag Offset: 0x22B Frag Size: 0x5C8
[**] [1:521:1] MISC Large UDP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
11/13-07:47:30.871859 192.168.1.1:2049 -> 192.168.1.200:795
UDP TTL:64 TOS:0x0 ID:19805 IpLen:20 DgmLen:8348
Len: 8328
[Xref => http://www.whitehats.com/info/IDS247]
[**] [1:521:1] MISC Large UDP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
11/13-07:47:30.878832 192.168.1.1:2049 -> 192.168.1.200:795
UDP TTL:64 TOS:0x0 ID:19806 IpLen:20 DgmLen:8348
Len: 8328
[Xref => http://www.whitehats.com/info/IDS247]
[**] [1:521:1] MISC Large UDP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
11/13-07:47:30.929488 192.168.1.1:2049 -> 192.168.1.200:795
UDP TTL:64 TOS:0x0 ID:19807 IpLen:20 DgmLen:8348
Len: 8328
[Xref => http://www.whitehats.com/info/IDS247]
[**] [1:521:1] MISC Large UDP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
11/13-07:47:30.936608 192.168.1.1:2049 -> 192.168.1.200:795
UDP TTL:64 TOS:0x0 ID:19808 IpLen:20 DgmLen:8348
Len: 8328
[Xref => http://www.whitehats.com/info/IDS247]
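
A small parser for the alert blocks above, added here as an example (not part of the original post and not Snort's own code): it turns each block into a record and collapses repeats per signature and host pair, so it is easy to confirm that the sid 1322 alerts carry DF and MF together and that the sid 521 alerts come from source port 2049. The function and field names are hypothetical, and reading the printed Frag Offset as 8-byte units is an assumption.

```python
import re
from collections import Counter

# Two alert blocks copied from the output above, used as offline sample input.
SAMPLE = """\
[**] [1:1322:4] BAD TRAFFIC bad frag bits [**]
[Classification: Misc activity] [Priority: 3]
11/13-02:02:51.782650 192.168.1.200 -> 192.168.1.1
UDP TTL:64 TOS:0x0 ID:2724 IpLen:20 DgmLen:1500 DF MF
Frag Offset: 0x2E4 Frag Size: 0x5C8
[**] [1:521:1] MISC Large UDP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
11/13-07:47:30.871859 192.168.1.1:2049 -> 192.168.1.200:795
UDP TTL:64 TOS:0x0 ID:19805 IpLen:20 DgmLen:8348
Len: 8328
[Xref => http://www.whitehats.com/info/IDS247]
"""

HEADER = re.compile(r"\[\*\*\] \[\d+:(\d+):\d+\] (.+?) \[\*\*\]$")
ENDPOINTS = re.compile(r"\S+ ([\d.]+)(?::(\d+))? -> ([\d.]+)(?::(\d+))?$")
IPLINE = re.compile(r"(\w+) TTL:\d+ TOS:\S+ ID:(\d+) IpLen:(\d+) DgmLen:(\d+)(.*)$")
FRAG = re.compile(r"Frag Offset: (0x[0-9A-Fa-f]+)\s+Frag Size: (0x[0-9A-Fa-f]+)$")

def parse_alerts(text):
    """Split full-format alert text into one dict per alert block."""
    alerts, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            cur = {"sid": int(m[1]), "msg": m[2], "flags": set()}
            alerts.append(cur)
        elif cur is None:
            continue  # text before the first alert header
        elif m := ENDPOINTS.match(line):
            cur.update(src=m[1], sport=m[2] and int(m[2]), dst=m[3], dport=m[4] and int(m[4]))
        elif m := IPLINE.match(line):
            cur.update(proto=m[1], ip_id=int(m[2]), ip_payload=int(m[4]) - int(m[3]),
                       flags=set(m[5].split()))
        elif m := FRAG.match(line):
            # Assumption: the offset is the raw IP header field, in 8-byte units.
            cur.update(frag_byte_offset=int(m[1], 16) * 8, frag_size=int(m[2], 16))
    return alerts

def summarize(alerts):
    """Count alerts per (sid, msg, src, dst) so repeated blocks collapse to one row."""
    return Counter((a["sid"], a["msg"], a["src"], a["dst"]) for a in alerts)
```
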