[Snort-sigs] RE: RESP error

SRH-Lists giermo at ...1992...
Thu Oct 30 10:17:07 EST 2003


> > Warning: /etc/snort/rules/icmp.rules(36) => Unknown keyword 
> 'resp' in
> > rule!
> > 
> > this is the output i get when i insert the resp keyword 
> into a rule. 
> > Here is the rule;
> > 
> > 
> > #drop ICMP packets associated with CyberKit 2.2 Windows
> > #
> > #
> > #
> > alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP 
> PING CyberKit 2.2
> > Windows"; 
> content:"|aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa|";itype:8;depth:32;
> > reference:arachnids,154; sid:483;  classtype:misc-activity; 
> rev:2; resp:
> > rst_snd;)

Well, first off, you aren't going to have much luck sending a RST to an
ICMP packet.

-steve




More information about the Snort-sigs mailing list