Re: ICMP drop.

To: Rudi Starcevic <rudi@oasis.net.au>
Cc: debian-firewall@lists.debian.org
Subject: Re: ICMP drop.
From: Martin Burman <martin@default.nu>
Date: Thu, 09 Oct 2003 08:55:36 +0200
Message-id: <[🔎] 3F850668.2010709@default.nu>
In-reply-to: <[🔎] 3F84FC06.4020701@oasis.net.au>
References: <[🔎] 3F84FC06.4020701@oasis.net.au>

Rudi Starcevic wrote:


Here is the Snort log alert.
[**] ICMP PING CyberKit 2.2 Windows [**]
10/08-22:42:48.897689 4.34.170.219 -> 64.235.238.29
ICMP TTL:114 TOS:0x0 ID:10694 IpLen:20 DgmLen:92
Type:8  Code:0  ID:768   Seq:59374  ECHO

How can I make it so my machine replies to *no* icmp packets ?
I've even gone and installed CyberKit on an old Windows box to
see if I could generate and alert but it didn't work.

So I don't understand how my icmp packets are denied but not4.34.170.219 in the above log sample.


Martin thinks:

Snort is working in promiscious mode so it is able to see all packets,right?In the log above it seems that it is the Echo Requests snort isreporting, I don't think your machine is sending any Echo Replies backto 4.34.170.219.


Best regards

Martin, Sweden

Reply to:

Follow-Ups:
- Re: ICMP drop.
  - From: Rudi Starcevic <rudi@oasis.net.au>

References:
- ICMP drop.
  - From: Rudi Starcevic <rudi@oasis.net.au>

Prev by Date: ICMP drop.
Next by Date: Re[2]: simple iptables rules
Previous by thread: ICMP drop.
Next by thread: Re: ICMP drop.
Index(es):
- Date
- Thread