[Snort-users] I do not know which rule is used here ! reverse is defined !!

VLERICK ROLAND Roland.Vlerick at ...6609...
Wed Aug 14 01:20:03 EDT 2002


Dear snort-users,

Snort Version 1.7 

In snort.conf :

var BB_NET 10.1.224.81/32

var HOME_NET $hme0_ADDRESS

hme0 = 10.1.224.87

Rule ping-lib :

ping-lib:alert icmp !$BB_NET any -> $HOME_NET any (msg:"IDS152 - PING BSD"; content: "|08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17|"; itype: 8; depth: 32;)

Output in alert file :

My server, where Snort is on, sends pings to its default router. How can I ignore this, please?

[**] IDS152 - PING BSD [**]
08/14-10:14:54.030952 10.1.224.87 -> 10.1.224.10
ICMP TTL:1 TOS:0x0 ID:16005 IpLen:20 DgmLen:84
Type:8  Code:0  ID:6734   Seq:0  ECHO
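
An added example (not part of the original post and not Snort's own code): a Python sketch that evaluates only the address part of the rule header above against the logged packet, for two candidate values of HOME_NET. The /24 value is a constructed assumption, since the post does not show what $hme0_ADDRESS expands to; all function names are hypothetical.

```python
import ipaddress

def resolve(token, variables):
    """Strip a leading '!', expand $VAR; return (negated, network or None for 'any')."""
    negated = token.startswith("!")
    token = token.lstrip("!")
    if token.startswith("$"):
        token = variables[token[1:]]
    if token == "any":
        return negated, None
    # strict=False accepts host-address/prefix forms such as 10.1.224.87/24
    return negated, ipaddress.ip_network(token, strict=False)

def addr_matches(token, ip, variables):
    negated, net = resolve(token, variables)
    hit = True if net is None else ipaddress.ip_address(ip) in net
    return hit != negated  # '!' inverts the result

def header_matches(rule, src, dst, variables):
    """Check src/dst against: action proto src sport direction dst dport (ports ignored)."""
    header = rule.split("(", 1)[0].split()
    _action, _proto, r_src, _sport, direction, r_dst, _dport = header
    forward = addr_matches(r_src, src, variables) and addr_matches(r_dst, dst, variables)
    if direction == "<>":  # bidirectional rules also match the swapped pair
        return forward or (addr_matches(r_src, dst, variables)
                           and addr_matches(r_dst, src, variables))
    return forward

# Rule text, BB_NET and packet addresses are taken from the post.
RULE = ('alert icmp !$BB_NET any -> $HOME_NET any (msg:"IDS152 - PING BSD"; '
        'content: "|08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17|"; '
        'itype: 8; depth: 32;)')
SRC, DST = "10.1.224.87", "10.1.224.10"

def evaluate(home_net):
    """Does the logged packet satisfy the rule header for this HOME_NET value?"""
    variables = {"BB_NET": "10.1.224.81/32", "HOME_NET": home_net}
    return header_matches(RULE, SRC, DST, variables)

if __name__ == "__main__":
    # Host-only HOME_NET: destination 10.1.224.10 is outside it.
    print("HOME_NET=10.1.224.87/32 ->", evaluate("10.1.224.87/32"))
    # Assumed subnet-wide HOME_NET (constructed /24): the router falls inside it.
    print("HOME_NET=10.1.224.87/24 ->", evaluate("10.1.224.87/24"))
```

Printing the expanded variable values next to each alert in this way makes it quick to see which side of the header, the negated source or the destination, let a packet through.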