Hi,
I run Snort in a PCI environment. I have just rebuilt Snort and I’m in the
tuning stage.
I have Tomcat 6.0.18 in the PCI environment and it may be initiating ICMP
traffic to external IPs. Here is the alert:
[1:486:5] ICMP Destination Unreachable Communication with Destination Host is
Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3]
{ICMP} 10.10.100.21 -> 134.173.121.59
I have read the summary of the rule at http://www.snort.org/search/sid/486?r=1
and understand that "no corrective action is necessary" but am curious about
this traffic.
Could Tomcat be generating ICMP traffic to an IP accessing the server?
Is this some kind of keep alive?
Thanks,
James
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
