[Snort-users] How does a reject rule work?

Todd Wease twease at ...1935...
Tue Apr 29 09:02:49 EDT 2008


You're not going to get 'Destination port unreachable' with ICMP packets
(they address no port).  Try with UDP or TCP packets and rule.


bahamin takhtaei wrote:
> Hi,
> 
> I wrote an icmp rule with "reject" action and
> test it by echo request packets (ping), but
> I didn't catch any "Destination port unreachable"
> message on the test system. It seems that my
> "reject" rule works as a "drop" rule only! Now
> please tell me What do I to fix this problem?
> 
> 
> Thanks,
> Bahamin
> 
> ------------------------------------------------------------------------
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
> it now.
> <http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>>
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> Don't miss this year's exciting event. There's still time to save $100. 
> Use priority code J8TL2D2. 
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list