Re: ICMP drop.
Rudi Starcevic wrote:
Here is the Snort log alert.
[**] ICMP PING CyberKit 2.2 Windows [**]
10/08-22:42:48.897689 126.96.36.199 -> 188.8.131.52
ICMP TTL:114 TOS:0x0 ID:10694 IpLen:20 DgmLen:92
Type:8 Code:0 ID:768 Seq:59374 ECHO
How can I make it so my machine replies to *no* icmp packets ?
I've even gone and installed CyberKit on an old Windows box to
see if I could generate and alert but it didn't work.
So I don't understand how my icmp packets are denied but not
184.108.40.206 in the above log sample.
Snort is working in promiscious mode so it is able to see all packets,
In the log above it seems that it is the Echo Requests snort is
reporting, I don't think your machine is sending any Echo Replies back
- ICMP drop.
- From: Rudi Starcevic <email@example.com>