[Snort-sigs] ICMP Echo Request

Brian bmc at ...95...
Mon Sep 10 17:13:01 EDT 2001

According to Jeffrey C. Ollie:
> I don't know why, but there doesn't seem to be rules for ICMP echo
> requests in snort's default rulesets.  Anyway, here are the rules that
> I came up with:

Did you look through icmp-info.rules?

ICMP PING - sid 384 
ICMP PING (undefined code) - sid 365

I've moved ICMP PING undefined code to the bottom of icmp-info.rules 
where it should be, but it was there none the less.

Rules Nazi

More information about the Snort-sigs mailing list