[Snort-users] removing ping alerts

Fyodor fygrave at ...121...
Thu Oct 5 19:53:02 EDT 2000


On Thu, Oct 05, 2000 at 04:13:22PM +0200, Raphael Bauduin wrote:
> 
> And it is coming from this rule:
> 
> alert icmp !$HOME_NET any -> $HOME_NET any (msg:"IDS152 - PING BSD"; content: "|08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17|"; itype: 8; depth: 32;)
> 
> 
> 
> To avoid these messages, I put this line at the beginning of my rules file:
> 
> pass icmp 172.16.1.96 any <> 172.16.0.9 any 
> 


You will need to start snort with the -o option. It will reorder the rules in sequence:
pass, alert, log.
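
The effect of the -o option described in the reply, as an added example that is not part of the original message and is not Snort's own code: a small Python model that evaluates the two quoted rules under both orderings. It assumes the order without -o is alert, pass, log, that $HOME_NET is 172.16.0.0/24, and a constructed BSD-style ping payload.

```python
import ipaddress

# Constructed model of rule-list ordering; not Snort's own code.
DEFAULT_ORDER = ("alert", "pass", "log")  # assumption: order without -o
DASH_O_ORDER = ("pass", "alert", "log")   # order given in the reply for -o

HOME_NET = ipaddress.ip_network("172.16.0.0/24")  # assumed $HOME_NET
BSD_PING = bytes(range(0x08, 0x18))  # content pattern from the quoted rule


def pass_rule(pkt):
    # pass icmp 172.16.1.96 any <> 172.16.0.9 any  (either direction)
    return {pkt["src"], pkt["dst"]} == {"172.16.1.96", "172.16.0.9"}


def alert_rule(pkt):
    # alert icmp !$HOME_NET any -> $HOME_NET any (content; itype: 8; depth: 32;)
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    return (src not in HOME_NET and dst in HOME_NET
            and pkt["itype"] == 8
            and BSD_PING in pkt["payload"][:32])


RULES = [("pass", pass_rule), ("alert", alert_rule)]


def decide(pkt, order):
    """Return the action of the first rule list, in `order`, that matches."""
    for action in order:
        if any(match(pkt) for kind, match in RULES if kind == action):
            return action
    return "none"


def bsd_ping(src, dst):
    # Constructed echo request: 8-byte timestamp, then bytes 08 09 0a ...
    return {"src": src, "dst": dst, "itype": 8,
            "payload": bytes(8) + bytes(range(0x08, 0x38))}


if __name__ == "__main__":
    monitored = bsd_ping("172.16.1.96", "172.16.0.9")
    other = bsd_ping("172.16.1.50", "172.16.0.9")
    for name, order in (("default", DEFAULT_ORDER), ("-o", DASH_O_ORDER)):
        print(name, decide(monitored, order), decide(other, order))
```

In this model the ping from 172.16.1.96 still alerts under the assumed default order and is passed under -o, while a BSD ping from any other outside host alerts in both cases.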




