[Snort-sigs] Snort rules

Al Lewis (allewi) allewi at ...3865...
Mon Mar 23 08:55:03 EDT 2015


Hello,

A good place to start with snort rules would be here: http://manual.snort.org/node28.html

Hope this helps!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...3865...

From: adonis okpidi [mailto:adonisokpidi at ...2420...]
Sent: Monday, March 23, 2015 8:48 AM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] Snort rules

Hi All,
I have downloaded the Snort 2972 and also downloaded the snortrules-snapshot-2972.tar rules but the rules all seem to be empty containing just the copyright information. Here is an example of what icmp-info.rules look like

how do you enable ICMP rule in snort<http://stackoverflow.com/questions/29145221/how-do-you-enable-icmp-rule-in-snort>
up vote 0 down vote favorite<http://stackoverflow.com/questions/29145221/how-do-you-enable-icmp-rule-in-snort>

I have configured snort but I need to enable detection rules in snort rule file. I am walking through the CEH lab and I am stuck at enabling ICMP rule. I have the file icmp-info.rules in C:\Snort\rules. I only see this when I open the file:

# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.

#

# This file contains (i) proprietary rules that were created, tested and       certified by

# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the    VRT

# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by

# Sourcefire and other third parties (the "GPL Rules") that are distributed     under the

# GNU General Public License (GPL), v2.

#

# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were   created

# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are

# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by

# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a

# list of third party owners and their respective copyrights.

#

# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer

# to the VRT Certified Rules License Agreement (v2.0).

#

#-----------------

# ICMP-INFO RULES

#-----------------

I am suppose to uncomment an alert in the file which should contain lots of alerts commented out. but mine doesnt seem to have that content. I have tried deleting and redownloading but still didnt see any changes in the file. Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20150323/a012921d/attachment.html>


More information about the Snort-sigs mailing list