[Snort-sigs] ICMP Echo Request

Jeffrey C. Ollie jeff at ...97...
Mon Sep 10 19:20:02 EDT 2001

On Mon, Sep 10, 2001 at 08:25:21PM -0400, Brian wrote:
> According to Jeffrey C. Ollie:
> > I don't know why, but there doesn't seem to be rules for ICMP echo
> > requests in snort's default rulesets.  Anyway, here are the rules that
> > I came up with:
> Did you look through icmp-info.rules?
> ICMP PING - sid 384 
> ICMP PING (undefined code) - sid 365
> I've moved ICMP PING undefined code to the bottom of icmp-info.rules 
> where it should be, but it was there none the less.

I don't know why, but none of these rules ever matched any packet
that's passed though my network.  Perhaps because of the use of


More information about the Snort-sigs mailing list