[Snort-users] Problem with version 1.6.2.2 and above...

Martin Roesch roesch at ...1...
Thu Jul 20 21:27:35 EDT 2000


Turn the rule off?  Seriously, you should be able to examine the packet and
see if you're getting pings with no payload.  If the rule is incorrect or
giving false positives due to a bug, we should know about it.  

If this alert is annoying for you, just turn the rule off.  Pings can hardly
be said to be hostile traffic in the most general case, so this rule merely
provides information.

    -Marty

Guy Bruneau wrote:
> 
> Yes I have noted the same thing here but I don't know of a fix.
> 
> Guy Bruneau
> 
> Thayne Allen wrote:
> 
> > I was just wondering if anyone else was having this problem:
> >
> > Whenever I run Snort ver. 1.6.2.2 or 1.6.3-Beta6 on my RedHat box, I start
> > getting a plethora of IDS162 - PING Nmap2.36BETA alerts coming from many
> > different IP's, going to various IP's on my network.  Whenever I run 1.6
> > using the exact same ruleset, I don't get these alerts at all.  Is this a
> > bug in 1.6.2.2 and above?  Anyone else have this problem or know a fix?
> > Thanks,
> >
> > fellow snortster
> > ________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch                      <roesch at ...2...>
Core R&D                         http://www.hiverworld.com
Hiverworld, Inc.       Continuous Adaptive Risk Management




More information about the Snort-users mailing list