ICMP drop.

To: debian-firewall@lists.debian.org
Subject: ICMP drop.
From: Rudi Starcevic <rudi@oasis.net.au>
Date: Thu, 09 Oct 2003 16:11:18 +1000
Message-id: <[🔎] 3F84FC06.4020701@oasis.net.au>

Hi,

I'm trying to drop all icmp/ping packets on my Debian box in the US.
I'm in Australia.

So I've added this rule to my Iptables script:

/sbin/iptables --append INPUT -p icmp -s ! 127.0.0.1/32 -j DROP

This works fine from my side.
I'm unable to get any Ping responses.

However some are still getting through.
How do I know ?
Because I'm using 'Snort' to packet sniff and trigger alerts.

Here is the Snort log alert.
[**] ICMP PING CyberKit 2.2 Windows [**]
10/08-22:42:48.897689 4.34.170.219 -> 64.235.238.29
ICMP TTL:114 TOS:0x0 ID:10694 IpLen:20 DgmLen:92
Type:8  Code:0  ID:768   Seq:59374  ECHO

How can I make it so my machine replies to *no* icmp packets ?
I've even gone and installed CyberKit on an old Windows box to
see if I could generate and alert but it didn't work.

So I don't understand how my icmp packets are denied but not4.34.170.219 in the above log sample.


Many thanks
Best regards
Rudi.

Reply to:

Follow-Ups:
- Re: ICMP drop.
  - From: Martin Burman <martin@default.nu>
- Re: ICMP drop.
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: simple iptables rules
Next by Date: Re: ICMP drop.
Previous by thread: unsubscribe
Next by thread: Re: ICMP drop.
Index(es):
- Date
- Thread