[Snort-users] Pass Rule not working?

Chris Green cmg at ...1935...
Wed Jul 24 11:29:07 EDT 2002


Steve Lebeda <stevele at ...4444...> writes:

> I've been getting alerts in ACID because of ICMP packets. The
> message is ICMP Destination Unreachable (Communication
> Administratively Prohibited) I know this particular issue has been
> addressed previously and I think I understand why it's
> happening. The servers on my Home Net are trying to ping to places
> that they aren't allowed to ping and the packets are being returned
> by an intermediary device. Trying to be clever, I wrote a pass rule
> in my local.rules file:

You may wish to do that but why not just disable the rule itself?

If you really want a pass rule, follow the other messages in the
thread.
-- 
Chris Green <cmg at ...1935...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx




More information about the Snort-users mailing list