[Snort-users] Re: How to ignore ping/icmp traffic to-from a host
Alex Pinheiro Machado Rodrigues
alex at ...3156...
Tue Feb 26 09:23:03 EST 2002
Just add "not host nnn.nnn.nnn.nnn" at the snort startup parameters:
ex: "snort -dev -c snort conf not host 192.168.200.3"
----- Original Message -----
From: "Steve Tyrol" <steve_tyrol at ...125...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, February 26, 2002 2:10 PM
Subject: [Snort-users] How to ignore ping/icmp traffic to-from a host
I'm a bit of a newbie with snort, so pardon my ignorance. I have
tried to find this info elsewhere with no success.
I am trying to tell snort to ignore icmp/ping traffic to and from a
specific host. This host is used at 10 minute intervals to ping a
bank of servers to monitor up/down status. As snort is currently
configured, this ping sweep triggers a snort alarm. Can anyone help
me out with the appropriate entry in the rule set?
Any help is greatly appreciated.
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users