AW: [Snort-users] How to ignore ping/icmp traffic to-from a host

Poppi, Sandro Sandro.Poppi at ...3316...
Tue Feb 26 09:25:18 EST 2002


Use so-called pass rules, i.e.

pass icmp any any -> any any

Also you'll have to use snort's commandline option -o

Take a look into the snort user's manual for more on that issue.

HTH,
Sandro
> 
> I'm a bit of a newbie with snort, so pardon my ignorance.  I have
> tried to find this info elsewhere with no success.
> 
> I am trying to tell snort to ignore icmp/ping traffic to and from a
> specific host.  This host is used at 10 minute intervals to ping a
> bank of servers to monitor up/down status.  As snort is currently
> configured, this ping sweep triggers a snort alarm.  Can anyone help
> me out with the appropriate entry in the rule set?
> 
> Any help is greatly appreciated.
> 
> Regards,
> 
> Steve
> 
> 
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at 
> http://explorer.msn.com/intl.asp.
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list