Snort mailing list archives

ICMP / drop.


From: Rudi Starcevic <rudi () oasis net au>
Date: Thu, 09 Oct 2003 16:13:40 +1000

Hi,

I'm trying to drop all icmp/ping packets on my Debian box in the US.
I'm in Australia.

So I've added this rule to my Iptables script:

/sbin/iptables --append INPUT -p icmp -s ! 127.0.0.1/32 -j DROP

This works fine from my side.
I'm unable to get any Ping responses.

However some are still getting through.

Here is a sample Snort log alert.
[**] ICMP PING CyberKit 2.2 Windows [**]
10/08-22:42:48.897689 4.34.170.219 -> 64.235.238.29
ICMP TTL:114 TOS:0x0 ID:10694 IpLen:20 DgmLen:92
Type:8  Code:0  ID:768   Seq:59374  ECHO

How can I make it so my machine replies to *no* icmp packets?
I've even gone and installed CyberKit on an old Windows box to
see if I could generate an alert but it didn't work.

So I don't understand how my icmp packets are denied but not 4.34.170.219 in the above log sample.

Many thanks
Best regards
Rudi.



