[Snort-sigs] ICMP Echo Request
Jeffrey C. Ollie
jeff at ...97...
Mon Sep 10 19:20:02 EDT 2001
On Mon, Sep 10, 2001 at 08:25:21PM -0400, Brian wrote:
> According to Jeffrey C. Ollie:
> > I don't know why, but there doesn't seem to be rules for ICMP echo
> > requests in snort's default rulesets. Anyway, here are the rules that
> > I came up with:
> Did you look through icmp-info.rules?
> ICMP PING - sid 384
> ICMP PING (undefined code) - sid 365
> I've moved ICMP PING undefined code to the bottom of icmp-info.rules
> where it should be, but it was there none the less.
I don't know why, but none of these rules ever matched any packet
that's passed though my network. Perhaps because of the use of
$HOME_NET & $EXTERNAL_NET vs. any.
More information about the Snort-sigs