Snort mailing list archives
Re: icmp
From: Ryan Russell <ryan () securityfocus com>
Date: Wed, 14 Nov 2001 16:44:21 -0700 (MST)
On Wed, 14 Nov 2001, Peter VE wrote:
All I wanted to achieve is to fool the remote users, letting them believe my host is unreachable for icmp traffic...
Normal behavior for ICMP to a host that doesn't allow it is no response. Think about it: If you try to ping something that isn't there, you get no response. In your case, if someone tries to ping you, they don't get the echo reply (or maybe they do, depending on how you've got things configured), but they get an ICMP unreachable. The fact that they get the unreachable tells them there IS a host there, and that something really strange is up with it. Also note that IP specifies that ICMP error messages are not responded to, lest there be infinite loops of ICMP messages. Ryan _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- icmp snortlst snortlst (Oct 22)
- RE: icmp John Berkers (Oct 24)
- Re: icmp snortlst snortlst (Oct 24)
- Re: icmp snortlst snortlst (Oct 24)
- icmp again snortlst snortlst (Oct 25)
- RE: icmp John Berkers (Oct 24)