[Snort-sigs] Snort rules

adonis okpidi adonisokpidi at ...2420...
Mon Mar 23 08:48:15 EDT 2015


Hi All,

I have downloaded the Snort 2972 and also downloaded the
snortrules-snapshot-2972.tar rules, but the rules all seem to be empty,
containing just the copyright information. Here is an example of what
icmp-info.rules looks like:


how do you enable ICMP rule in snort
<http://stackoverflow.com/questions/29145221/how-do-you-enable-icmp-rule-in-snort>

I have configured snort but I need to enable detection rules in snort rule
file. I am walking through the CEH lab and I am stuck at enabling ICMP
rule. I have the file icmp-info.rules in C:\Snort\rules. I only see this
when I open the file:

# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
# GNU General Public License (GPL), v2.
#
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
#
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#-----------------
# ICMP-INFO RULES
#-----------------

I am supposed to uncomment an alert in the file, which should contain lots of
alerts commented out, but mine doesn't seem to have that content. I have
tried deleting and redownloading but still didn't see any changes in the
file. Thanks