cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
107
Views
0
Helpful
0
Replies
Highlighted
Beginner

Snort IDS detect PIM multicast from Cisco WS-C3750-48ts-e Layer 3 Switch?

Hello,

 

I installed Snort IDS into my office network on Monday and then to day, I see its log and I found that Snort detect that the sending packets from my Cisco WS-C3750-48ts-e Layer 3 Switch to 224.0.0.13 which is PIM Multicast address is an ICMP "Time Exceeded" message is generated that has an invalid ICMP code. Snort detect those 2 times in every minutes. Is that Snort detection is a false positive or a thing that I have to investigate my Layer 3 switch?

 

Here the network diagram:

                                                Router -----  Internet

                                                    I

                           Router -----  Firewall

                                                    I

                         Cisco WS-C3750 Layer 3 Switch

                                                    |

                                         PC,Laptop,Server

0 REPLIES 0
Content for Community-Ad