[Snort-sigs] Snort rules

Jamie Riden jamie.riden at ...2420...
Tue Mar 24 08:10:13 EDT 2015


I don't have a sign-in for snort.org to hand; it should look more like
this as far as I remember:

https://github.com/mrash/fwsnort/blob/master/deps/snort_rules/icmp-info.rules

If one of the site downloads is broken, you'll need to take this up
with the guys who run the site - though they will probably come across
this thread fairly soon.

cheers,
 Jamie


On 24 March 2015 at 12:01, adonis okpidi <adonisokpidi at ...2420...> wrote:
> Hi Jamie,
>
> Thanks for getting back to me. I did scroll down the editor but that was all
> I could see. You can download the snortrules-snapshot-2972.tar.gz from snort
> website and I am sure you'll see the same thing.
>
> Best Regards,
> Adonis
>
>
>
> On 23 March 2015 at 13:17, Jamie Riden <jamie.riden at ...2420...> wrote:
>>
>> Hi there,
>>
>> It almost looks like you haven't scrolled down at all in your editor?
>> There should be loads of rules in icmp-info.
>>
>> thanks,
>>  Jamie
>>
>> On 23 March 2015 at 12:48, adonis okpidi <adonisokpidi at ...2420...> wrote:
>> > Hi All,
>> >
>> > I have downloaded the Snort 2972 and also downloaded the
>> > snortrules-snapshot-2972.tar rules but the rules all seem to be empty,
>> > containing just the copyright information. Here is an example of what
>> > icmp-info.rules looks like:
>> >
>> >
>> > how do you enable ICMP rule in snort
>> >
>> > I have configured snort but I need to enable detection rules in snort
>> > rule file. I am walking through the CEH lab and I am stuck at enabling
>> > ICMP rule. I have the file icmp-info.rules in C:\Snort\rules. I only see
>> > this when I open the file:
>> >
>> > # Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
>> > #
>> > # This file contains (i) proprietary rules that were created, tested and certified by
>> > # Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
>> > # Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
>> > # Sourcefire and other third parties (the "GPL Rules") that are distributed under the
>> > # GNU General Public License (GPL), v2.
>> > #
>> > # The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
>> > # by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
>> > # owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
>> > # their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
>> > # list of third party owners and their respective copyrights.
>> > #
>> > # In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
>> > # to the VRT Certified Rules License Agreement (v2.0).
>> > #
>> > #-----------------
>> > # ICMP-INFO RULES
>> > #-----------------
>> >
>> > I am supposed to uncomment an alert in the file, which should contain lots
>> > of alerts commented out, but mine doesn't seem to have that content. I have
>> > tried deleting and redownloading but still didn't see any changes in the
>> > file. Thanks
>> >
>>
>>
>>
>> --
>> Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...
>> http://uk.linkedin.com/in/jamieriden
>
>



-- 
Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...
http://uk.linkedin.com/in/jamieriden
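
To tell a header-only file like the one quoted in this thread apart from one whose rules are merely commented out, each `.rules` file in the rules directory can be classified. This is an added example, not part of the original thread or of Snort itself; the function names and the sample inputs are constructed for illustration, and the directory to scan (for instance the poster's `C:\Snort\rules`) is passed as an argument.

```python
import re
import sys
from pathlib import Path

# Snort 2.x rule actions and protocols; a rule header starts "<action> <proto> ...".
ACTIONS = "alert|log|pass|drop|reject|sdrop|activate|dynamic"
RULE_RE = re.compile(r"^(#\s*)?(?:%s)\s+(?:tcp|udp|icmp|ip)\s" % ACTIONS)

# Constructed sample inputs (not taken from a real snapshot).
HEADER_ONLY = """\
# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
#-----------------
# ICMP-INFO RULES
#-----------------
"""
WITH_DISABLED_RULE = HEADER_ONLY + (
    '# alert icmp $EXTERNAL_NET any -> $HOME_NET any '
    '(msg:"CONSTRUCTED example echo"; itype:8; sid:1000001; rev:1;)\n'
)

def classify_rules_text(text):
    """Count enabled and commented-out rules in the text of a .rules file."""
    enabled = disabled = 0
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue              # blank line, banner, or licence comment
        if m.group(1):
            disabled += 1         # "# alert icmp ...": present but commented out
        else:
            enabled += 1
    if enabled:
        status = "has enabled rules"
    elif disabled:
        status = "rules present, all commented out"
    else:
        status = "header only"
    return {"enabled": enabled, "disabled": disabled, "status": status}

def scan_rules_dir(rules_dir):
    """Classify every *.rules file in rules_dir, keyed by file name."""
    return {p.name: classify_rules_text(p.read_text(errors="replace"))
            for p in sorted(Path(rules_dir).glob("*.rules"))}

if __name__ == "__main__" and len(sys.argv) > 1:
    for name, info in scan_rules_dir(sys.argv[1]).items():
        print(f"{name}: {info['status']} "
              f"({info['enabled']} enabled, {info['disabled']} disabled)")
```

A file reported as "header only" has no rule lines at all, enabled or commented out, so there is nothing in it to uncomment.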
