I was able to log in to my IPCop's web interface today, and checked out my logs. In the intrusion detection logs, I have a large number of entries like this:

Date: 09/17 09:22:17
Name: ICMP PING CyberKit 2.2 Windows
Priority: 3
Type: Misc activity
IP info: 142.59.106.45 <http://192.168.0.1:81/cgi-bin/ipinfo.cgi?ip=142.59.106.45>:n/a -> 142.59.175.169 <http://192.168.0.1:81/cgi-bin/ipinfo.cgi?ip=142.59.175.169>:n/a
References: none found
SID: 483 <http://www.snort.org/snort-db/sid.html?sid=483>

The info I can find indicates this is more or less a port scan, where someone is looking for an active host. What I need to know (and don't see a clear answer yet) is if this traffic has been blocked by the firewall. If so, was an echo-reply sent? And the follow-up question: how do I disable echo reply on an IPCop firewall? (Looking at their web site right now...)

Thanks for any tips or suggestions.

Shawn
