AW: [Snort-users] How to ignore ping/icmp traffic to-from a host
Sandro.Poppi at ...3316...
Tue Feb 26 09:25:18 EST 2002
Use so-called pass rules, i.e.
pass icmp any any -> any any
Also you'll have to use snort's commandline option -o
Take a look into the snort user's manual for more on that issue.
> I'm a bit of a newbie with snort, so pardon my ignorance. I have
> tried to find this info elsewhere with no success.
> I am trying to tell snort to ignore icmp/ping traffic to and from a
> specific host. This host is used at 10 minute intervals to ping a
> bank of servers to monitor up/down status. As snort is currently
> configured, this ping sweep triggers a snort alarm. Can anyone help
> me out with the appropriate entry in the rule set?
> Any help is greatly appreciated.
> Get your FREE download of MSN Explorer at
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users