[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ICMP drop.


I'm trying to drop all icmp/ping packets on my Debian box in the US.
I'm in Australia.

So I've added this rule to my Iptables script:

/sbin/iptables --append INPUT -p icmp -s ! -j DROP

This works fine from my side.
I'm unable to get any Ping responses.

However some are still getting through.
How do I know ?
Because I'm using 'Snort' to packet sniff and trigger alerts.

Here is the Snort log alert.
[**] ICMP PING CyberKit 2.2 Windows [**]
10/08-22:42:48.897689 ->
ICMP TTL:114 TOS:0x0 ID:10694 IpLen:20 DgmLen:92
Type:8  Code:0  ID:768   Seq:59374  ECHO

How can I make it so my machine replies to *no* icmp packets ?
I've even gone and installed CyberKit on an old Windows box to
see if I could generate and alert but it didn't work.

So I don't understand how my icmp packets are denied but not in the above log sample.

Many thanks
Best regards

Reply to: