Rudi Starcevic wrote:
Here is the Snort log alert. [**] ICMP PING CyberKit 2.2 Windows [**] 10/08-22:42:48.897689 4.34.170.219 -> 64.235.238.29 ICMP TTL:114 TOS:0x0 ID:10694 IpLen:20 DgmLen:92 Type:8 Code:0 ID:768 Seq:59374 ECHO How can I make it so my machine replies to *no* icmp packets ? I've even gone and installed CyberKit on an old Windows box to see if I could generate and alert but it didn't work.So I don't understand how my icmp packets are denied but not 4.34.170.219 in the above log sample.
Martin thinks:Snort is working in promiscious mode so it is able to see all packets, right? In the log above it seems that it is the Echo Requests snort is reporting, I don't think your machine is sending any Echo Replies back to 4.34.170.219.
Best regards Martin, Sweden