[Snort-devel] Re: [Snort-users] Rule Order

Allan Dover allan at ...1963...
Fri May 2 08:29:17 EDT 2003


Hey Ron,

I am having the same problem as you.  As soon as I switched to pass alert
log, I am getting undefined icmp errors.  Interestingly enough these were
known icmp alerts L3retriever and so on.

I am still a piglet with snort ( dont like using newbie )
Anyone have any other suggestions ?

Allan Dover
Systems Administrator


###################################################
This e-mail communication (including any or all attachments) is intended
only for the use of the person or entity to which it is addressed and may
contain confidential and/or privileged material. If you are not the intended
recipient of this e-mail, any use, review, retransmission, distribution,
dissemination, copying, printing, or other use of, or taking of any action
in reliance upon this e-mail, is strictly prohibited. If you have received
this e-mail in error, please contact the sender and delete the original and
any copy of this e-mail and any  printout thereof, immediately. Your
co-operation is appreciated.


----- Original Message -----
From: "Ron Shuck" <rshuck at ...1949...>
To: <snort-users at lists.sourceforge.net>
Cc: <snort-devel at lists.sourceforge.net>
Sent: Thursday, May 01, 2003 3:33 PM
Subject: [Snort-users] Rule Order


> Hi,
>
> Has anyone else changed the rule order under 2.0?
>
> When I upgraded to 2.0, I started having problems with ICMP alerts when
> my rule order was set to 'pass alert log'. Actually, any setting other
> than default caused problems. ICMP alerts happen, they just skip the
> normal rule and trigger the "Undefined Code" rule.
>
> TIA,
>
> Ron Shuck, CISSP, GCIA - Managing Consultant
> Buchanan Associates - A Technology Company in the People Business
> http://www.buchanan.com
> http://www.isc2.org
> http://www.giac.org
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list





More information about the Snort-devel mailing list