[Snort-sigs] about rules commented

Joel Esler (jesler) jesler at ...3865...
Fri May 29 09:10:44 EDT 2015


On May 27, 2015, at 11:16 PM, Diego Batigoal <diegobatigoal at ...3718...<mailto:diegobatigoal at ...3718...>> wrote:

Hi Waldo,

On the Certified Ethical Hacker v8 module on pg. 861. I have to apply a few steps.
I have attached a pdf so you can have a look and have a better view.
Let me know if you are not able to view it.


Looks like you are looking for an ICMP rule.  Take a look at protocol-icmp.rules?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
http://www.talosintel.com




On Thursday, 28 May 2015, 12:39, waldo kitty <wkitty42 at ...3507...<mailto:wkitty42 at ...3507...>> wrote:


On 05/27/2015 07:24 PM, Diego Batigoal wrote:
> I realized that and still struggling with this step.  Maybe somebody that had
> done the same training (CEH v8) could help.

what step? what training, where?

> I can't proceed from this step onwards.  I have found the missing rules but cant
> seem to find the one I want.

what, exactly are you looking for? it is starting to sound like the training
""manual"" it out of date... that's real easy to happen with snort and its rules
because of the way snort is updated and older versions are retired with no
support at all...

--
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.


------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net<mailto:Snort-sigs at lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org<http://www.snort.org/>


Please visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort!


<CEH v8 Labs Module 17 Evading IDS, Firewalls and Honeypots 16.pdf>------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net<mailto:Snort-sigs at lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20150529/cf0829ea/attachment.html>


More information about the Snort-sigs mailing list