Re: ICMP drop.

To: debian-firewall@lists.debian.org
Subject: Re: ICMP drop.
From: Rudi Starcevic <rudi@oasis.net.au>
Date: Thu, 09 Oct 2003 19:15:01 +1000
Message-id: <[🔎] 3F852715.2050700@oasis.net.au>
In-reply-to: <[🔎] 87u16i27zm.fsf@enki.rimspace.net>
References: <[🔎] 3F84FC06.4020701@oasis.net.au> <[🔎] 87u16i27zm.fsf@enki.rimspace.net>

Hi,

This *will* make your life miserable, as you suddenly can't connect to,
or be connected to from, a large proportion of systems.


Thanks - sorry such novice questions.

I am working through a Snort book right now - guess I should get a TCPone next.

I've had Snort up and running only for a day or so and noticed an IPthat first pingedme then followed up with loads of request on all sorts of ports whichtriggered dozens

of alerts.

So I had the silly idea to drop icmp packets and be anonymous.
As I now know you'll also end up lonely if you drop icmp packets

So it not really possible be anonymous. The machine just has to dealwith therequests asked of it. The first step is to monitor those requests withsomething like Snort.

I guess in this case I should look at SnortSam for someone who triggersmultiple alerts.


Thanks
Rudi.

Reply to:

Follow-Ups:
- Re: ICMP drop.
  - From: Arnt Karlsen <arnt@c2i.net>
- Re: ICMP drop.
  - From: Daniel Pittman <daniel@rimspace.net>

References:
- ICMP drop.
  - From: Rudi Starcevic <rudi@oasis.net.au>
- Re: ICMP drop.
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: ICMP drop.
Next by Date: Re: simple iptables rules
Previous by thread: Re: ICMP drop.
Next by thread: Re: ICMP drop.
Index(es):
- Date
- Thread