[Snort-users] How to Write Snort Rules and Keep Your Sanity...

Chris Green cmg at ...1935...
Wed Mar 13 05:32:03 EST 2002


"Hever C. Rocha - N.O.C" <hever at ...5283...> writes:

>> ex: 
>>  my local.rules
>> 
>> pass icmp any any <> 1.1.1.1/20  any ( not working)
>> pass icmp any any -> 1.1.1.1/20  any  ( not working)
>> 
>> for while i disable de "ICMP ping" and "ICMP ping undefined" code rules
>> set, but is not the ideal...

Try adding a -o to your snort command line to change the order of
alert generation.
-- 
Chris Green <cmg at ...1935...>
Let not the sands of time get in your lunch.





More information about the Snort-users mailing list