fygrave at ...121...
Fri Sep 29 17:42:01 EDT 2000
~ :upstream router and getting the ECHO_REPLY).
~ :After checcking old and new rulesets I found out that Max changed this rule:
~ :snort.ruleset.new:alert ICMP $EXTERNAL any -> $INTERNAL any (msg:
~ :"IDS202/backdoor-Q-icmp"; dsize: >1; itype: 0;)
~ :snort.ruleset.old:alert ICMP 255.255.255.0/24 any -> $INTERNAL any (msg:
~ :"IDS202/backdoor-Q-icmp"; itype: 0; dsize: >1;)
~ :Any good reason for this changing or should I stick with the old
$EXTERNAL looks correct to me.
More information about the Snort-users