[Snort-users] icmp

Ashley Thomas athomas at ...3539...
Wed Nov 14 15:29:02 EST 2001


The point was that blocking ICMP / any other packet is done at the firewall
rather than by the IDS.

For example, in <certain> firewall, you can specify that when you get an ICMP
echo request you send
1. dest unreachable.
2. do not send anything.

-ashley




Peter VE wrote:
> 
> All I wanted to achieve is to fool the remote users, letting them believe my
> host is unreachable for icmp traffic...
> 
> ----- Original Message -----
> From: "Oliver Friedrichs" <of at ...35...>
> To: <Peter.VE at ...1187...>; <snort-users at lists.sourceforge.net>
> Sent: Wednesday, November 14, 2001 11:21 PM
> Subject: RE: [Snort-users] icmp
> 
> > This isn't really the right thing to do.  Especially not if the host really
> > exists, the real host will respond, and so will your IDS.  Unless either (a)
> > the host doesn't exist or (b) the ICMP is also blocked by a firewall.  Also,
> > is there any reason you want to be generating additional network traffic on
> > purpose?
> >
> > - Oliver
> >
> > -----Original Message-----
> > From: Peter.VE at ...1187... [mailto:Peter.VE at ...1187...]
> > Sent: Wednesday, November 14, 2001 2:44 AM
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] icmp
> >
> >
> > Hi,
> >
> > I'm running snort 1.8.2 on Win2K
> > I want to block ICMP (by replying to an echo request with
> > echo_host_unreachable)
> >
> > Can I do this?
> >
> > Does anyone have any documents on using & configuring snort on Win2K? I'm
> > still trying to find out how it works, but I haven't found it yet...
> >
> > thanks
> >
> >
> >
> >
> > _______________________________________________ Snort-users mailing list
> > Snort-users at lists.sourceforge.net Go to this URL to change user options or
> > unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users

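What option 1 in the reply above ("dest unreachable") puts on the wire, as an added example that is not part of the original thread: an ICMP type 3 / code 1 message that quotes the echo request's IP header plus its first 8 bytes (RFC 792), built and decoded offline. The function names are hypothetical and the addresses are constructed documentation-range values.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: ones'-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src, dst, ident, seq, payload=b"abcdefgh"):
    """Constructed sample input: IPv4 datagram carrying an ICMP echo request."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + icmp

def host_unreachable_for(datagram: bytes) -> bytes:
    """ICMP type 3 / code 1 (host unreachable) quoting the datagram, per RFC 792."""
    ihl = (datagram[0] & 0x0F) * 4
    quoted = datagram[:ihl + 8]          # original IP header + first 8 data bytes
    msg = struct.pack("!BBHI", 3, 1, 0, 0) + quoted   # 4 unused bytes follow checksum
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def describe(icmp: bytes) -> dict:
    """Decode the error as the pinging host (or a sensor) would see it."""
    inner = icmp[8:]                     # quoted original datagram
    ihl = (inner[0] & 0x0F) * 4
    in_type, _, _, ident, seq = struct.unpack("!BBHHH", inner[ihl:ihl + 8])
    return {
        "type": icmp[0], "code": icmp[1],
        "checksum_ok": inet_checksum(icmp) == 0,   # valid message sums to zero
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
        "orig_icmp_type": in_type, "orig_id": ident, "orig_seq": seq,
    }

if __name__ == "__main__":
    req = build_echo_request("192.0.2.10", "198.51.100.5", 0x1234, 7)
    print(describe(host_unreachable_for(req)))
```

With option 2 (do not send anything) there is no packet to decode; the pinging host simply times out.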