Snort mailing list archives

Dropping ICMP packet issue


From: santhoj san <santhojirulappan () gmail com>
Date: Wed, 28 Oct 2015 12:25:40 +0530

Hi All,

Greetings!

I am trying to block ICMP packets and I am getting a weird result. Have a
look at the ping log below.

*Ping Log:*
$ ping 192.168.101.78
PING 192.168.101.78 (192.168.101.78) 56(84) bytes of data.
64 bytes from 192.168.101.78: icmp_seq=1 ttl=64 time=3.85 ms
From 192.168.101.78 icmp_seq=1 Destination Port Unreachable
64 bytes from 192.168.101.78: icmp_seq=2 ttl=64 time=177 ms
From 192.168.101.78 icmp_seq=2 Destination Port Unreachable
64 bytes from 192.168.101.78: icmp_seq=3 ttl=64 time=5.70 ms
From 192.168.101.78 icmp_seq=3 Destination Port Unreachable

*Rule:*
drop icmp any any -> $HOME_NET any (msg:"ICMP test"; resp: icmp_port; sid:1000001; rev:001;)


Thanks & Regards
Santhoj Irulappan