[Snort-sigs] Dropping ICMP packet issue

santhoj san santhojirulappan at ...2420...
Wed Oct 28 02:55:40 EDT 2015


Hi All,

Greetings!

I am trying to block ICMP packets and I am getting a weird result. Have a
look at the ping log below.

*Ping Log:*
$ ping 192.168.101.78
PING 192.168.101.78 (192.168.101.78) 56(84) bytes of data.
64 bytes from 192.168.101.78: icmp_seq=1 ttl=64 time=3.85 ms
From 192.168.101.78 icmp_seq=1 Destination Port Unreachable
64 bytes from 192.168.101.78: icmp_seq=2 ttl=64 time=177 ms
From 192.168.101.78 icmp_seq=2 Destination Port Unreachable
64 bytes from 192.168.101.78: icmp_seq=3 ttl=64 time=5.70 ms
From 192.168.101.78 icmp_seq=3 Destination Port Unreachable

*Rule:*
drop icmp any any -> $HOME_NET any (msg:"ICMP test"; resp: icmp_port; sid:1000001; rev:001;)


Thanks & Regards
Santhoj Irulappan