[Snort-users] Re: Snort-users digest, Vol 1 #1305 - 14 msgs

Joe Pampel joe at ...3851...
Thu Nov 15 05:11:03 EST 2001


1. Win2k Snort set up:  www.silicondefense.com    (I reccommend the full set up with ACID fwiw..)
2. If you are asking about the ICMP to hide your snort box, just build the receive-only cable and it's a non issue.
(put a 2nd NIC on the box that is behind a FW and use that address to monitor.)


>>From: Peter.VE at ...1187... [mailto:Peter.VE at ...1187...] 
Sent: Wednesday, November 14, 2001 2:44 AM
To: snort-users at lists.sourceforge.net 
Subject: [Snort-users] icmp


Hi,

I'm running snort 1.8.2 on Win2K
I want to block ICMP (by replying to a echo request   with
echo_host_unreachable)

Can I do this ?

Does anyone have any documents on using & configuring snort on Win2K ? I'm
still trying to find out how it works, but I haven't found it yet...

thanks





More information about the Snort-users mailing list