Security Basics mailing list archives

Dropping ICMP Echo Request


From: Rodrigo Otaviano <rodrigo () otaviano com>
Date: Fri, 14 Nov 2003 13:35:51 -0800

Hi there, 

My goal is to drop some ICMP Echo Request packets in order to minimize
intense ICMP traffic.

I know it's possible to implement some active response on Snort, for example
by using it along with FlexResp. For example, if I want to send a message of
"host and port unreachable" to the sender, I can simply use something like
this:

alert udp any any -> 192.168.1.0/24 31 (resp: icmp_port,icmp_host; msg: "example";)

But that's not exactly what I want to do.

My question is: is it possible to drop any ICMP Echo Request instead of
sending a new ICMP back (by using Snort), or would I have to use some kind
of filter rule manipulation, for example with SnortSam to modify/create an
access control list (ACL) on a firewall or router?

Rodrigo Otavio Paes de Barros Otaviano

 

