Why does Snort send ICMP packets to UDP stimulus?
ICMP packets are sent to a host initiating a UDP connection to inform the sender that a requested port/host is unavailable. ICMP is sent in response to a UDP stimulus because UDP has no capability of its own to report errors, so ICMP is used to assist. Snort uses this normal process to send a spoofed ICMP packet to the host initiating the connection in an attempt to fool that host into thinking that the destination is unavailable.

Session disruptions in action

Snort Rule

alert tcp 192.168.1.1 any -> $HOME_NET 135 (msg:"Block host"; flags:S+; resp:rst_snd;)

This rule was created to reset any TCP session initiated by host 192.168.1.1 with the SYN TCP flag and any other TCP flags set.

The traffic below was generated in my lab between two machines. The targeted PC is configured with Snort 1.8.3 for Win32 systems and runs on Windows 2000 Professional. The attacking host is a Red Hat Linux 7.0 machine. Nmap was used to port scan the target machine by typing nmap -p 135 -sF 192.168.1.2, which trigge