Security Basics mailing list archives
Dropping ICMP Echo Request
From: Rodrigo Otaviano <rodrigo () otaviano com>
Date: Fri, 14 Nov 2003 13:35:51 -0800
Hi there, My goal is to drop some ICMP Echo Request packets in order to minimize intense ICMP traffic. I know it's possible to implement some active response on Snort for example by using it along with FlexResp. For example, if I want to send a message of "host and port unreachable" to the sender, I can simply use something this: alert udp any any -> 192.168.1.0/24 31 (resp: icmp_port,icmp_host; msg: "example";) But that's not exactly what I want to do. My question is: is it possible to drop any ICMP Echo Request instead of sending a new ICMP back ( by using Snort ) or I would have to use some kind of filter rule manipulation, for example with SnortSam to modify/create an access control list (acl) on a firewall or router ? Rodrigo Otavio Paes de Barros Otaviano --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- Dropping ICMP Echo Request Rodrigo Otaviano (Nov 17)
- <Possible follow-ups>
- RE: Dropping ICMP Echo Request Mike (Nov 17)
- Re: Dropping ICMP Echo Request Rodrigo Otaviano (Nov 17)
- RE: Dropping ICMP Echo Request Mike (Nov 17)