IPFW & ICMP
freebsduser at comcast.net
Mon Aug 25 18:49:58 PDT 2003
I've been getting bombarded with ICMP (Cyberkit 2.2 attack) stuff and
created a rule in ipfw to firewall it. The rule is working, I am getting
measured stats but the problem is snort is seeing them and reporting
them. I thought that by firewalling ICMP snort would stop noticing them.
If I'm wrong in my assumption I would certainly like to hear it.
Here is the firewall rule I applied.
deny log icmp from any to me via ed0
There are some TCP and IP rules above that but I don't see that causing
anything to skip over the ICMP rule. And snort is seeing them as I did
a quick search through ACID.
Thanks in advance.