[Snort-sigs] Snort Rules Enquiry

Diego Batigoal diegobatigoal at ...3718...
Tue May 26 01:16:48 EDT 2015


Hi, 
Just got stuck in the setup of the pdf CEH Lab Manual Page 860-861.
I have downloaded the Snort 2973 and also downloaded the snortrules-snapshot-2973.tar rules but the rules all seem to be empty
containing just the copyright information. 
I have configured snort but I need to enable detection rules in snort rule file. I am walking through the CEH lab and I am stuck at enabling ICMP rule.
I have the file icmp-info.rules in C:\Snort\rules. I only see this when I open the file:

# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and
certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under
the    VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were
created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed
under the
# GNU General Public License (GPL), v2.
#
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were
created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire
are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are
owned by
# their respective creators. Please see
http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
#
# In order to determine what rules are VRT Certified Rules or GPL Rules,
please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#-----------------
# ICMP-INFO RULES
#-----------------

I am supposed to uncomment an alert in the file which should contain lots of alerts commented out. but mine doesn't seem to have that content.
What can I do in this phase ?
Regards,Diego

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20150526/59b9197c/attachment.html>


More information about the Snort-sigs mailing list