Snort mailing list archives
Dropping ICMP packet issue
From: santhoj san <santhojirulappan () gmail com>
Date: Wed, 28 Oct 2015 12:25:40 +0530
Hi All, Greetings.!! I am trying to block ICMP packets and I am getting weird result. Have a look at the ping log below *Ping Log:* $ ping 192.168.101.78 PING 192.168.101.78 (192.168.101.78) 56(84) bytes of data. 64 bytes from 192.168.101.78: icmp_seq=1 ttl=64 time=3.85 ms
From 192.168.101.78 icmp_seq=1 Destination Port Unreachable
64 bytes from 192.168.101.78: icmp_seq=2 ttl=64 time=177 ms
From 192.168.101.78 icmp_seq=2 Destination Port Unreachable
64 bytes from 192.168.101.78: icmp_seq=3 ttl=64 time=5.70 ms
From 192.168.101.78 icmp_seq=3 Destination Port Unreachable
*Rule:* drop icmp any any -> $HOME_NET any (msg:"ICMP test"; resp: icmp_port; sid:1000001; rev:001;) Thanks & Regards Santhoj Irulappan
------------------------------------------------------------------------------
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Dropping ICMP packet issue santhoj san (Oct 27)