Rudi Starcevic wrote:
Here is the Snort log alert.
[**] ICMP PING CyberKit 2.2 Windows [**]
10/08-22:42:48.897689 4.34.170.219 -> 64.235.238.29
ICMP TTL:114 TOS:0x0 ID:10694 IpLen:20 DgmLen:92
Type:8 Code:0 ID:768 Seq:59374 ECHO
How can I make it so my machine replies to *no* ICMP packets?
I've even gone and installed CyberKit on an old Windows box to
see if I could generate an alert but it didn't work.
So I don't understand how my icmp packets are denied but not
4.34.170.219 in the above log sample.
Martin thinks:
Snort is working in promiscuous mode so it is able to see all packets,
right?
In the log above it seems that it is the Echo Requests Snort is
reporting, I don't think your machine is sending any Echo Replies back
to 4.34.170.219.
Best regards
Martin, Sweden
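
The distinction drawn in the reply above can be checked against the alert file itself. This is an added example, not part of the original thread: it parses full-format ICMP alerts and pairs each Echo Request (Type 8) sent to a host with an Echo Reply (Type 0) from that host carrying the same ID and Seq. It assumes a rule is in place that also logs echo replies; the second alert is constructed for illustration, and the function and variable names are hypothetical.

```python
import re

# The alert quoted in the post.
PAGE_ALERT = """\
[**] ICMP PING CyberKit 2.2 Windows [**]
10/08-22:42:48.897689 4.34.170.219 -> 64.235.238.29
ICMP TTL:114 TOS:0x0 ID:10694 IpLen:20 DgmLen:92
Type:8 Code:0 ID:768 Seq:59374 ECHO
"""

# Constructed sample (not from the post): what a logged reply would look like.
CONSTRUCTED_REPLY = """\
[**] ICMP Echo Reply (constructed) [**]
10/08-22:42:48.897900 64.235.238.29 -> 4.34.170.219
ICMP TTL:64 TOS:0x0 ID:4242 IpLen:20 DgmLen:92
Type:0 Code:0 ID:768 Seq:59374 ECHO REPLY
"""

ADDR = re.compile(r"^\S+\s+(\d+\.\d+\.\d+\.\d+) -> (\d+\.\d+\.\d+\.\d+)$", re.M)
ICMP = re.compile(r"^Type:(\d+)\s+Code:(\d+)\s+ID:(\d+)\s+Seq:(\d+)", re.M)


def parse_alerts(text):
    """Yield one dict per blank-line-separated ICMP alert block."""
    for block in re.split(r"\n\s*\n", text.strip()):
        addr, icmp = ADDR.search(block), ICMP.search(block)
        if addr and icmp:
            icmp_type, _code, icmp_id, seq = map(int, icmp.groups())
            yield {"src": addr.group(1), "dst": addr.group(2),
                   "type": icmp_type, "id": icmp_id, "seq": seq}


def answered_requests(alerts, host):
    """Return (echo requests sent to host, the subset host replied to)."""
    alerts = list(alerts)
    requests = [a for a in alerts if a["type"] == 8 and a["dst"] == host]
    # A reply echoes the request's ID and Seq back to the requester.
    replies = {(a["dst"], a["id"], a["seq"])
               for a in alerts if a["type"] == 0 and a["src"] == host}
    answered = [r for r in requests
                if (r["src"], r["id"], r["seq"]) in replies]
    return requests, answered


if __name__ == "__main__":
    reqs, ans = answered_requests(parse_alerts(PAGE_ALERT), "64.235.238.29")
    print(f"{len(reqs)} request(s) seen, {len(ans)} answered")
```

Run on the alert from the post alone, it reports one request seen and none answered: the sensor saw an inbound request, which by itself says nothing about whether the host replied.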