Wednesday, July 19, 2006

Patiently awaiting Slackware v11.0, Recent Snort Logs...

Yeah, I'm awaiting the release of Slackware v11.0. I should try to rsync my -current machines, which are on v10.1, I believe. That way I'll only have a short sync when v11.0 is released.

I also am scrubbing my logs on wigglit.ath.cx since I've been vacationing and had to attend a funeral in the last two weeks. I saw the below:

[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
07/19-11:06:44.523876 0:B0:4A:6C:76:53 -> FE:FD:40:3E:E7:DC type:0x800 len:0x46
64.65.236.206 -> 66.160.141.30 ICMP TTL:246 TOS:0x0 ID:28020 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
66.160.141.30:43212 -> 64.65.236.206:113 TCP TTL:53 TOS:0x0 ID:15954 IpLen:20 DgmLen:56 DF
Seq: 0xB4CEF72C Ack: 0x10001
** END OF DUMP

I believe I've seen this before in my logs but I want to further investigate it to get a better understanding of what it means.
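As an added example (not part of the original post), this Python code parses the alert above and correlates the ICMP error with the datagram it quotes. The function names and the one-entry port table are assumptions made for illustration.

```python
import re

# The alert from the post, embedded verbatim as sample input.
ALERT = """\
[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
07/19-11:06:44.523876 0:B0:4A:6C:76:53 -> FE:FD:40:3E:E7:DC type:0x800 len:0x46
64.65.236.206 -> 66.160.141.30 ICMP TTL:246 TOS:0x0 ID:28020 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
66.160.141.30:43212 -> 64.65.236.206:113 TCP TTL:53 TOS:0x0 ID:15954 IpLen:20 DgmLen:56 DF
Seq: 0xB4CEF72C Ack: 0x10001
** END OF DUMP
"""

SID_RE = re.compile(r"\[(\d+):(\d+):(\d+)\]")
ICMP_RE = re.compile(r"^(\S+) -> (\S+) ICMP ", re.M)
CODE_RE = re.compile(r"^Type:(\d+)\s+Code:(\d+)", re.M)
ORIG_RE = re.compile(r"ORIGINAL DATAGRAM DUMP:\s+(\S+?):(\d+) -> (\S+?):(\d+) (\w+) ")
SERVICES = {113: "ident/auth"}  # hypothetical lookup table: only the port in this alert

def parse_alert(text):
    """Return the alert's fields as a dict, or None if any expected line is missing."""
    sid, icmp, code, orig = (r.search(text) for r in (SID_RE, ICMP_RE, CODE_RE, ORIG_RE))
    if not (sid and icmp and code and orig):
        return None
    return {
        "gid_sid_rev": tuple(map(int, sid.groups())),
        "icmp_src": icmp[1], "icmp_dst": icmp[2],
        "icmp_type": int(code[1]), "icmp_code": int(code[2]),
        "orig_src": orig[1], "orig_sport": int(orig[2]),
        "orig_dst": orig[3], "orig_dport": int(orig[4]), "orig_proto": orig[5],
    }

def explain(a):
    """Correlate the ICMP error with the datagram it quotes."""
    # The error is a reply only if it is addressed to the quoted packet's sender.
    solicited = a["icmp_dst"] == a["orig_src"]
    # The reject may come from the destination itself or from a filter on the path.
    rejected_by = "destination" if a["icmp_src"] == a["orig_dst"] else "on-path filter"
    svc = SERVICES.get(a["orig_dport"], "unknown")
    summary = (f"{a['orig_src']} sent {a['orig_proto']} to {a['orig_dst']}:"
               f"{a['orig_dport']} ({svc}); {rejected_by} {a['icmp_src']} answered "
               f"ICMP {a['icmp_type']}/{a['icmp_code']}")
    return {"solicited": solicited, "rejected_by": rejected_by, "summary": summary}

if __name__ == "__main__":
    print(explain(parse_alert(ALERT))["summary"])
```

For this alert the result is a solicited error: the quoted datagram is a TCP packet from 66.160.141.30 to port 113 on 64.65.236.206, and the type 3 code 13 message came back from that same destination address.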

I've been neglecting my Slackware installs the last month, as I've recently purchased a white Mac Book (2.0 GHz). I'm currently trying to get used to the internal file structure and commands, as they sometimes differ from FreeBSD's typical commands. I've also started a blog documenting my Mac experiences ... see it at http://whitemacbook.blogger.com .