[Snort-users] How to Write Snort Rules and Keep Your Sanity...
Hever C. Rocha - N.O.C
hever at ...5283...
Wed Mar 13 05:06:04 EST 2002
> Hi Snort Users
> I am trying to create some rules for the following condition:
> I have a network 184.108.40.206/20 (bogus IP!), and I want all ICMP pings
> from this network not to be recorded in my SQL database; however, I want
> the ICMP pings from another network to be recorded.
> I know that I have to use the "pass rules", but my rules are not working...
> my local.rules
> pass icmp any any <> 220.127.116.11/20 any ( not working)
> pass icmp any any -> 18.104.22.168/20 any ( not working)
> For now I have disabled the "ICMP ping" and "ICMP ping undefined" rules
> in the rule set, but that is not ideal...
> Suggestions?
> Best Regards from Bahia/Brasil
> Hever Costa Rocha
> 55 (73) 234-3029
> 55 (73) 9133-0107
> email: hever at ...5283...