[Snort-sigs] Snort rules

Jamie Riden jamie.riden at ...2420...
Mon Mar 23 09:17:14 EDT 2015


Hi there,

It almost looks like you haven't scrolled down at all in your editor?
There should be loads of rules in icmp-info.

thanks,
 Jamie

On 23 March 2015 at 12:48, adonis okpidi <adonisokpidi at ...2420...> wrote:
> Hi All,
>
> I have downloaded the Snort 2972 and also downloaded the
> snortrules-snapshot-2972.tar rules, but the rules all seem to be empty,
> containing just the copyright information. Here is an example of what
> icmp-info.rules looks like:
>
>
> how do you enable ICMP rule in snort
>
> I have configured snort but I need to enable detection rules in snort rule
> file. I am walking through the CEH lab and I am stuck at enabling ICMP rule.
> I have the file icmp-info.rules in C:\Snort\rules. I only see this when I
> open the file:
>
> # Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
> #
> # This file contains (i) proprietary rules that were created, tested and certified by
> # Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
> # Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
> # Sourcefire and other third parties (the "GPL Rules") that are distributed under the
> # GNU General Public License (GPL), v2.
> #
> # The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
> # by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
> # owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
> # their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
> # list of third party owners and their respective copyrights.
> #
> # In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
> # to the VRT Certified Rules License Agreement (v2.0).
> #
> #-----------------
> # ICMP-INFO RULES
> #-----------------
>
> I am supposed to uncomment an alert in the file, which should contain lots of
> alerts commented out, but mine doesn't seem to have that content. I have
> tried deleting and redownloading but still didn't see any changes in the
> file. Thanks



-- 
Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...
http://uk.linkedin.com/in/jamieriden
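
A quick way to check whether a rules file really holds only its header, and to enable selected rules, follows as an added example that is not part of the original messages. The sample file content, rule messages and SIDs are constructed for illustration; they are not taken from the real icmp-info.rules.

```python
import re

# Constructed sample in the layout of a Snort 2.9 rules file: a commented
# header, then rules shipped disabled behind "# ". SIDs are local placeholders.
SAMPLE = '''\
# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
#-----------------
# ICMP-INFO RULES
#-----------------
# alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE ICMP echo request"; itype:8; sid:1000001; rev:1;)
# alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE ICMP timestamp request"; itype:13; sid:1000002; rev:1;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE ICMP echo reply"; itype:0; sid:1000003; rev:1;)
'''

# A rule line is an action keyword, a protocol, a header, then options holding a sid.
# An optional leading "#" means the rule is present but disabled.
RULE = re.compile(
    r'^(?P<off>#\s*)?(?P<rule>(?:alert|log|pass|drop|reject|sdrop)\s+\w+\s'
    r'.*\(.*sid:\s*(?P<sid>\d+);.*\))$')

def classify(text):
    """Return (active_sids, disabled_sids, other_line_count)."""
    active, disabled, other = [], [], 0
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            other += 1          # header comment, banner or blank line
        elif m.group('off'):
            disabled.append(int(m.group('sid')))
        else:
            active.append(int(m.group('sid')))
    return active, disabled, other

def enable(text, sids):
    """Uncomment only the disabled rules whose sid is in `sids`."""
    out = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m and m.group('off') and int(m.group('sid')) in sids:
            line = m.group('rule')   # drop the leading "# "
        out.append(line)
    return '\n'.join(out) + '\n'
```

If `classify` reports zero active and zero disabled rules for a file, the file genuinely contains only comments; a non-empty disabled list means the rules are there but commented out.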



