[Snort-users] include icmp.rules

Wirth, Jeff WirthJe at ...4876...
Wed Mar 13 10:29:05 EST 2002


> I don't want snort to alert me when somebody pings something, what should
I
> disable-icmp.rules, or icmp-info-rules, or both?

These files include signatures that detect activity beyond "pings".  I would
recommend reviewing the contents of "icmp.rules" and "icmp-info.rules"
before remarking them out of your snort.conf file completely.  During your
review if you find a rule (i.e "ICMP PING Windows" or "ICMP PING") that you
wish to ignore, then remark it or delete it..  

- Jeff





More information about the Snort-users mailing list