[Snort-sigs] ICMP Echo Request

Dragos Ruiu dr at ...60...
Mon Sep 10 12:54:02 EDT 2001


The reason why you don't see this imho is because it would false enough to be
annoying and become irrelevant for meaningful reporting unless you are using it
on a strictly private internal segment.

cheers,
--dr 

On Sun, 09 Sep 2001, Jeffrey C. Ollie wrote:
> I don't know why, but there doesn't seem to be rules for ICMP echo
> requests in snort's default rulesets.  Anyway, here are the rules that
> I came up with:
> 
> alert icmp any any -> any any (msg:"ICMP Echo Request"; itype: 8; icode: 0; rev:1;)
> alert icmp any any -> any any (msg:"ICMP Echo Request (Undefined Code!)"; itype: 8; rev:1;)   
> 
> Jeff
-- 
Dragos Ruiu <dr at ...100...>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
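
An added example, not part of either post: a small Python model of how the `itype`/`icode` options in the two quoted rules select packets, run over constructed ICMP messages. It shows that a rule with no `icode` option also matches code 0, so an ordinary ping satisfies both rules. The function names are hypothetical, and the model covers only these two options, not the Snort engine.

```python
import struct

# Option sets of the two rules quoted above. None means the option is absent
# from the rule, which matches any value of that field.
RULES = [
    ("ICMP Echo Request", {"itype": 8, "icode": 0}),
    ("ICMP Echo Request (Undefined Code!)", {"itype": 8, "icode": None}),
]

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(itype: int, icode: int, ident: int = 1, seq: int = 1,
               payload: bytes = b"constructed") -> bytes:
    """Build a constructed ICMP message (sample input, no network access)."""
    header = struct.pack("!BBHHH", itype, icode, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", itype, icode, csum, ident, seq) + payload

def parse_icmp(msg: bytes):
    """Return (type, code) from the first bytes of an ICMP message."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    itype, icode, _csum = struct.unpack("!BBH", msg[:4])
    return itype, icode

def matching_rules(msg: bytes):
    """Names of the quoted rules whose itype/icode options match msg."""
    itype, icode = parse_icmp(msg)
    return [name for name, opts in RULES
            if opts["itype"] == itype and opts["icode"] in (None, icode)]

if __name__ == "__main__":
    # Normal ping, echo request with a nonzero code, echo reply.
    for t, c in [(8, 0), (8, 5), (0, 0)]:
        print((t, c), matching_rules(build_icmp(t, c)))
```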



