K Anderson freebsduser at comcast.net
Mon Aug 25 18:49:58 PDT 2003

Howdy folks,

I've been getting bombarded with ICMP (Cyberkit 2.2 attack) stuff and 
created a rule in ipfw to firewall it. The rule is working, I am getting 
measured stats but the problem is snort is seeing them and reporting 
them. I thought that by firewalling ICMP snort would stop noticing them. 
If I'm wrong in my assumption I would certainly like to hear it.

Here is the firewall rule I applied.

deny log icmp from any to me via ed0

There are some TCP and IP rules above that but I don't see that causing 
anything to skip over the ICMP rule. And snort is seeing them as I did 
a quick search through ACID.

Thanks in advance.

