[Snort-users] Re: How to ignore ping/icmp traffic to-from a host

Alex Pinheiro Machado Rodrigues alex at ...3156...
Tue Feb 26 09:23:03 EST 2002

Just add "not host nnn.nnn.nnn.nnn" at the snort startup parameters:
ex: "snort -dev -c snort conf not host"

Alex, Brazil

----- Original Message ----- 
From: "Steve Tyrol" <steve_tyrol at ...125...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, February 26, 2002 2:10 PM
Subject: [Snort-users] How to ignore ping/icmp traffic to-from a host

I'm a bit of a newbie with snort, so pardon my ignorance.  I have
tried to find this info elsewhere with no success.

I am trying to tell snort to ignore icmp/ping traffic to and from a
specific host.  This host is used at 10 minute intervals to ping a
bank of servers to monitor up/down status.  As snort is currently
configured, this ping sweep triggers a snort alarm.  Can anyone help
me out with the appropriate entry in the rule set?

Any help is greatly appreciated.



Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list