[Snort-sigs] Dropping ICMP packet issue

santhoj san santhojirulappan at ...2420...
Wed Oct 28 02:55:40 EDT 2015

Hi All,


I am trying to block ICMP packets and I am getting weird result. Have a
look at the ping log below

*Ping Log:*
$ ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=3.85 ms
>From icmp_seq=1 Destination Port Unreachable
64 bytes from icmp_seq=2 ttl=64 time=177 ms
>From icmp_seq=2 Destination Port Unreachable
64 bytes from icmp_seq=3 ttl=64 time=5.70 ms
>From icmp_seq=3 Destination Port Unreachable

drop icmp any any -> $HOME_NET any (msg:"ICMP test"; resp: icmp_port;
sid:1000001; rev:001;)

Thanks & Regards
Santhoj Irulappan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20151028/76ea058c/attachment.html>

More information about the Snort-sigs mailing list