LinuxQuestions.org
04-16-2005, 08:02 AM   #1
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,783

Rep: Reputation: 53
ICMP traffic in Snort+BASE


I'm trying to test Snort+BASE on a Linux box. I don't seem to get ICMP alerts. I tried ping, but BASE does not display it as ICMP traffic. Can anyone suggest an attack to create alerts with ICMP traffic?
 
04-16-2005, 12:24 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Try hping2 for packet crafting.

The standard 'hping -V -C 8 <target>' should generate the ICMP PING NMAP alert. Also make sure that the system you're scanning from isn't part of $HOME_NET.
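
Why a plain ping can stay silent while an empty echo request from an outside host raises the alert, as an added example that is not part of the original posts: a simplified Python model of the rule's match conditions. It assumes the stock ICMP PING NMAP signature matches ICMP type 8 with an empty payload (itype:8; dsize:0) and that EXTERNAL_NET is defined as !$HOME_NET; the addresses, sample packets and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (documentation address ranges), not from the thread.
HOME_NET = ["192.0.2.0/24"]

@dataclass
class IcmpPacket:
    src: str
    dst: str
    icmp_type: int      # 8 = echo request, 0 = echo reply
    payload_len: int    # ICMP data bytes, the value a dsize option tests

def in_nets(addr, nets):
    """True if addr falls inside any of the CIDR networks in nets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def why_no_alert(pkt, home_net=HOME_NET):
    """Return the unmet conditions of the modelled rule
    alert icmp $EXTERNAL_NET any -> $HOME_NET any (itype:8; dsize:0;)
    assuming EXTERNAL_NET is !$HOME_NET. An empty list means it fires."""
    unmet = []
    if in_nets(pkt.src, home_net):
        unmet.append("source is inside HOME_NET")
    if not in_nets(pkt.dst, home_net):
        unmet.append("destination is outside HOME_NET")
    if pkt.icmp_type != 8:
        unmet.append("not an echo request")
    if pkt.payload_len != 0:
        unmet.append("payload is not empty")
    return unmet

def rule_fires(pkt, home_net=HOME_NET):
    return not why_no_alert(pkt, home_net)

# Constructed test traffic.
SAMPLES = {
    "ping from a HOME_NET host (56 data bytes)": IcmpPacket("192.0.2.20", "192.0.2.10", 8, 56),
    "ping from outside (56 data bytes)": IcmpPacket("198.51.100.7", "192.0.2.10", 8, 56),
    "empty echo request from a HOME_NET host": IcmpPacket("192.0.2.20", "192.0.2.10", 8, 0),
    "empty echo request from outside": IcmpPacket("198.51.100.7", "192.0.2.10", 8, 0),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        unmet = why_no_alert(pkt)
        print(f"{name}: {'ALERT' if not unmet else 'no alert (' + '; '.join(unmet) + ')'}")
```

If the last case still produces nothing in BASE, check how HOME_NET and EXTERNAL_NET are defined in snort.conf and that the ICMP rules are enabled.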
 
04-16-2005, 06:16 PM   #3
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,783

Original Poster
Rep: Reputation: 53
Thanks for your reply.
Actually I managed to create some ICMP host unreachable alerts, but I also downloaded and compiled hping2 and did what you said. hping is a really nice tool with many capabilities.
Thanks again
 
  

