[Snort-sigs] ICMP Echo Request

Jeffrey C. Ollie jeff at ...97...
Sun Sep 9 21:46:03 EDT 2001


I don't know why, but there doesn't seem to be rules for ICMP echo
requests in snort's default rulesets.  Anyway, here are the rules that
I came up with:

alert icmp any any -> any any (msg:"ICMP Echo Request"; itype: 8; icode: 0; rev:1;)
alert icmp any any -> any any (msg:"ICMP Echo Request (Undefined Code!)"; itype: 8; rev:1;)   

Jeff





More information about the Snort-sigs mailing list