[Snort-users] Speedera

Paul Murphy paul.murphy at ...2217...
Tue Jun 12 04:47:31 EDT 2001


Thanks John.  My mailserver is behind a firewall that blocks ICMP.  I suppose my question was twofold:  Why is my mailserver managing to emit icmp at all, and when it does, why do they have the speedera signature?

So I guess this is not really for this list, as I can stop Snort triggering because of this, but I still don't know why it is happening in the first place.

Any offers?

Paul.



>>> John Sage <jsage at ...2022...> 6/11/2001 06:58:26 pm >>>
Paul:

I had to work on ping-lib to keep it from worrying about all sorts of stuff.

You may want to do something like this:

alert icmp !$HOME_NET any -> $HOME_NET any (msg:"ICMP Echo Request"; itype:8;)

If I remember correctly, the original syntax was "any any <> $HOME_NET 
any" which alerts for stuff going in or out...

- John

-- 
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/ 
mailto:jsage at ...2022... 
"The web is so, like, five minutes ago..."


Paul Murphy wrote:

> Hi all,
> 
> Does anyone have any ideas why my Snort is picking up Speedera ICMPs *outbound* from my mail server?
> 
> They are echo requests btw.
> 
> Thanks,
> 
> Paul.
> 






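Added example, not part of the original thread or of Snort's code: a small Python model of how the two rule headers quoted above treat the same ICMP traffic, showing why the `<>` form alerts on an outbound echo request while the `!$HOME_NET ... ->` form does not. The network range, the addresses and all function names are constructed for illustration; the model covers only the header and `itype:8`, not any other rule options.

```python
import ipaddress

# Constructed stand-in for $HOME_NET (documentation address range).
HOME_NET = ipaddress.ip_network("192.0.2.0/24")

# Rule headers quoted in the thread (action and protocol omitted).
BIDIRECTIONAL = "any any <> $HOME_NET any"
INBOUND_ONLY = "!$HOME_NET any -> $HOME_NET any"

def addr_matches(spec, ip):
    """Match one header address field: any, $HOME_NET or !$HOME_NET."""
    if spec == "any":
        return True
    if spec.lstrip("!") != "$HOME_NET":
        raise ValueError(f"unsupported address spec: {spec}")
    inside = ipaddress.ip_address(ip) in HOME_NET
    return inside != spec.startswith("!")

def header_matches(header, src, dst):
    """Apply the direction operator; ICMP has no ports, so both are ignored."""
    src_spec, _sport, op, dst_spec, _dport = header.split()
    forward = addr_matches(src_spec, src) and addr_matches(dst_spec, dst)
    if op == "->":
        return forward
    if op == "<>":
        # Bidirectional: also try the packet with its endpoints swapped.
        return forward or (addr_matches(src_spec, dst) and addr_matches(dst_spec, src))
    raise ValueError(f"unsupported direction operator: {op}")

def alerts(header, pkt):
    """itype:8 restricts the rule to ICMP echo requests."""
    return pkt["itype"] == 8 and header_matches(header, pkt["src"], pkt["dst"])

# Constructed packets: 192.0.2.25 plays the mail server, 203.0.113.10 an outside host.
OUTBOUND_ECHO = {"src": "192.0.2.25", "dst": "203.0.113.10", "itype": 8}
INBOUND_ECHO = {"src": "203.0.113.10", "dst": "192.0.2.25", "itype": 8}
INBOUND_REPLY = {"src": "203.0.113.10", "dst": "192.0.2.25", "itype": 0}

if __name__ == "__main__":
    for name, pkt in [("outbound echo request", OUTBOUND_ECHO),
                      ("inbound echo request", INBOUND_ECHO),
                      ("inbound echo reply", INBOUND_REPLY)]:
        print(f"{name:22} <>: {alerts(BIDIRECTIONAL, pkt)!s:5}  ->: {alerts(INBOUND_ONLY, pkt)}")
```

The narrower header silences the alert for outbound echo requests but does nothing about the traffic itself, so the source of those requests still has to be traced on the host.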



