[Snort-sigs] alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING"; icode:0; itype:8; classtype:misc-ac

Kevin Wood kwood at ...3015...
Fri Mar 4 06:41:45 EST 2005


I'm a newbie to snort and all... Bear with me if I ask a stupid question... I have snort all set up and have confirmed that it works by running it in packet sniffer mode... But I have problems when I run it in NIDS mode... It does not produce any alerts or log any packets... Should I not be getting a lot of false positives with snort default ruleset and config? The size of my alerts file or logging file does not change from the time I start it... This makes me think it's not working...
 
any ideas?
 
thx 

-----Original Message-----
From: snort-sigs-admin at lists.sourceforge.net [mailto:snort-sigs-admin at ...1979....sourceforge.net]On Behalf Of Jon Banks
Sent: March 3, 2005 2:35 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING"; icode:0; itype:8; classtype:misc-ac


 alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING"; icode:0; itype:8; classtype:misc-activity; sid:384; rev:5;) 
 
This rule will false positive as a Novell Net Service Route Request!
 
Jon J. Banks, LAN Engineer
IT Department
Cobb & Douglas Public Health
1650 County Services Parkway
Marietta, Georgia 30008
Phone: (770) 514-2326 Fax: (770) 514-2313
jjbanks at ...2072...
www.cobbanddouglaspublichealth.org
