[Snort-users] Pass Rule not working?
stevele at ...4444...
Wed Jul 24 09:47:04 EDT 2002
I've been getting alerts in ACID because of ICMP packets. The message is
ICMP Destination Unreachable (Communication Administratively Prohibited)
I know this particular issue has been addressed previously and I think I
understand why it's happening. The servers on my Home Net are trying to
ping to places that they aren't allowed to ping and the packets are being
returned by an intermediary device. Trying to be clever, I wrote a pass
rule in my local.rules file:
pass icmp any any -> *.*.*.* any (itype: 3; icode: 13)
I'm still getting errors.
What'd I do wrong?
More information about the Snort-users