[Bro] icmp_time_exceeded
Christoph Goeldi
goeldich at ee.ethz.ch
Wed Feb 16 23:41:51 PST 2005
hi vern
> > isn't there a possibility (an event) to recognize icmp requests dropped
> > by the firewall.
>
> Do you mean ICMP unreachables with "administratively prohibited" as the
> subcode? Those should generate icmp_unreachable events *if* the firewall
> is configured to send the ICMPs (it might instead just silently drop).
i mean icmp timeouts. when you send an icmp request (ping) and nothing, absolutely
nothing comes back to you.
this could be when the firewall silently drops the packets or when a destination
host just does not react.
by the way: silently drop or drop means the same to me. i thought that when a
firewall gives a negative answer like an icmp unreachable this is called a
reject.
greetz
christoph
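
The three outcomes distinguished in this message (a ping that is answered, one that is rejected with an ICMP unreachable, and one that gets nothing back), as an added example that is not part of the original post and is not Bro code. It runs over constructed packet summaries; the `Pkt` record, the 5-second timeout and all addresses are assumptions.

```python
from collections import namedtuple

# Constructed packet summary. kind is "request", "reply" or "unreachable".
# For "unreachable", src/dst/ident/seq describe the echo request quoted
# inside the ICMP error, not the device that sent the error.
Pkt = namedtuple("Pkt", "ts kind src dst ident seq")

TIMEOUT = 5.0  # assumed: seconds to wait before a request counts as unanswered

def classify(packets, timeout=TIMEOUT, now=None):
    """Map (src, dst, ident, seq) of each echo request to
    'answered', 'rejected', 'timeout' or 'pending'."""
    packets = sorted(packets, key=lambda p: p.ts)
    if now is None:
        now = packets[-1].ts if packets else 0.0
    sent, state = {}, {}
    for p in packets:
        if p.kind == "request":
            key = (p.src, p.dst, p.ident, p.seq)
            sent[key], state[key] = p.ts, "pending"
            continue
        # A reply travels in the reverse direction; an unreachable quotes
        # the original request, so its fields are already in request order.
        key = ((p.dst, p.src, p.ident, p.seq) if p.kind == "reply"
               else (p.src, p.dst, p.ident, p.seq))
        if state.get(key) == "pending" and p.ts - sent[key] <= timeout:
            state[key] = "answered" if p.kind == "reply" else "rejected"
    for key, value in list(state.items()):
        # Nothing came back in time: a silent drop and a host that does not
        # react look identical from the sender's side.
        if value == "pending" and now - sent[key] > timeout:
            state[key] = "timeout"
    return state

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Pkt(0.00, "request", "192.0.2.10", "198.51.100.1", 7, 1),
    Pkt(0.02, "reply", "198.51.100.1", "192.0.2.10", 7, 1),
    Pkt(1.00, "request", "192.0.2.10", "198.51.100.2", 7, 2),
    Pkt(1.01, "unreachable", "192.0.2.10", "198.51.100.2", 7, 2),
    Pkt(2.00, "request", "192.0.2.10", "198.51.100.3", 7, 3),
    Pkt(9.00, "request", "192.0.2.10", "198.51.100.1", 7, 4),
]

if __name__ == "__main__":
    for key, value in classify(SAMPLE).items():
        print(key, value)
```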