[Snort-sigs] alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING"; icode:0; itype:8; classtype:misc-ac
kwood at ...3015...
Fri Mar 4 06:41:45 EST 2005
I'm a newbie to snort and all...Bear with me if I ask a stupid question...I have snort all set up and have confirmed that it works by running it in packet sniffer mode...But I have problems when I run it in NIDS mode...It does not produce any alerts or log any packets...Should I not be getting a lot of false positives with the snort default ruleset and config...The size of my alerts file or logging file does not change from the time I start it...This makes me think it's not working...
From: snort-sigs-admin at lists.sourceforge.net [mailto:snort-sigs-admin at ...1979....sourceforge.net] On Behalf Of Jon Banks
Sent: March 3, 2005 2:35 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING"; icode:0; itype:8; classtype:misc-ac
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING"; icode:0; itype:8; classtype:misc-activity; sid:384; rev:5;)
This rule will false positive as a Novell Net Service Route Request!
Jon J. Banks, LAN Engineer
Cobb & Douglas Public Health
1650 County Services Parkway
Marietta, Georgia 30008
Phone: (770) 514-2326 Fax: (770) 514-2313
jjbanks at ...2072...