[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ICMP drop.


This *will* make your life miserable, as you suddenly can't connect to,
or be connected to from, a large proportion of systems.

Thanks - sorry such novice questions.
I am working through a Snort book right now - guess I should get a TCP one next.

I've had Snort up and running only for a day or so and noticed an IP that first pinged me then followed up with loads of request on all sorts of ports which triggered dozens
of alerts.

So I had the silly idea to drop icmp packets and be anonymous.
As I now know you'll also end up lonely if you drop icmp packets
So it not really possible be anonymous. The machine just has to deal with the requests asked of it. The first step is to monitor those requests with something like Snort.

I guess in this case I should look at SnortSam for someone who triggers multiple alerts.


Reply to: