[Snort-users] [Snort-users]

John Sage jsage at ...2022...
Mon Jun 11 13:58:26 EDT 2001


Paul:

I had to work on ping-lib to keep it from worrying about all sorts of stuff.

You may want to do something like this:

alert icmp !$HOME_NET any -> $HOME_NET any (msg:"ICMP Echo Request"; itype:8;)

If I remember correctly, the original syntax was "any any <> $HOME_NET any" which alerts for stuff going in or out...

- John

-- 
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."


Paul Murphy wrote:

> Hi all,
> 
> Does anyone have any ideas why my Snort is picking up Speedera ICMPs *outbound* from my mail server?
> 
> They are echo requests btw.
> 
> Thanks,
> 
> Paul.
> 
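
The difference between the two rule headers discussed in this thread, as an added example that is not part of the original post and is not Snort's own code: a simplified model of how the direction operators "->" and "<>" are evaluated against ICMP packets. The 192.0.2.0/24 value for $HOME_NET, the packet addresses and all function names are constructed for illustration.

```python
import ipaddress

HOME_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed stand-in for $HOME_NET

ORIGINAL = "any any <> $HOME_NET any"          # header as recalled in the post
SUGGESTED = "!$HOME_NET any -> $HOME_NET any"  # header from the suggested rule

# Constructed ICMP packets; itype 8 is echo request, 0 is echo reply.
PACKETS = {
    "outbound_request": {"src": "192.0.2.25", "dst": "198.51.100.7", "itype": 8},
    "inbound_request": {"src": "198.51.100.7", "dst": "192.0.2.25", "itype": 8},
    "inbound_reply": {"src": "198.51.100.7", "dst": "192.0.2.25", "itype": 0},
    "internal_request": {"src": "192.0.2.10", "dst": "192.0.2.25", "itype": 8},
}

def addr_matches(spec, ip):
    """Evaluate one address field: any, $HOME_NET or !$HOME_NET."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    if spec.lstrip("!") != "$HOME_NET":
        raise ValueError(f"unsupported address spec: {spec}")
    inside = ipaddress.ip_address(ip) in HOME_NET
    return inside != negate

def header_matches(header, src, dst):
    """Match 'SRC any DIR DST any'; ports are ignored because ICMP has none."""
    left, _, direction, right, _ = header.split()
    forward = addr_matches(left, src) and addr_matches(right, dst)
    if direction == "->":
        return forward
    if direction == "<>":
        # Bidirectional: the packet may also match with its endpoints swapped.
        return forward or (addr_matches(left, dst) and addr_matches(right, src))
    raise ValueError(f"unsupported direction operator: {direction}")

def verdicts(header):
    """Return {packet name: would an itype:8 rule with this header alert?}."""
    return {name: p["itype"] == 8 and header_matches(header, p["src"], p["dst"])
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, header in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, header, verdicts(header))
```

With the "<>" header the outbound echo request from the mail server matches in the swapped orientation, which is the alert described in the question; the "->" header with !$HOME_NET as source also stops alerting on echo requests between two internal hosts.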





