[Snort-users] Problem with version 22.214.171.124 and above...
roesch at ...1...
Thu Jul 20 21:27:35 EDT 2000
Turn the rule off? Seriously, you should be able to examine the packet and
see if you're getting pings with no payload. If the rule is incorrect or
giving false positives due to a bug, we should know about it.
If this alert is annoying for you, just turn the rule off. Pings can hardly
be said to be hostile traffic in the most general case, so this rule merely
Guy Bruneau wrote:
> Yes I have noted the same thing here but I don't know of a fix.
> Guy Bruneau
> Thayne Allen wrote:
> > I was just wondering if anyone else was having this problem:
> > Whenever I run Snort ver. 126.96.36.199 or 1.6.3-Beta6 on my RedHat box, I start
> > getting a plethora of IDS162 - PING Nmap2.36BETA alerts coming from many
> > different IP's, going to various IP's on my network. Whenever I run 1.6
> > using the exact same ruleset, I don't get these alerts at all. Is this a
> > bug in 188.8.131.52 and above? Anyone else have this problem or know a fix?
> > Thanks,
> > fellow snortster
> > ________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
Martin Roesch <roesch at ...2...>
Core R&D http://www.hiverworld.com
Hiverworld, Inc. Continuous Adaptive Risk Management
More information about the Snort-users