[Snort-users] include icmp.rules
WirthJe at ...4876...
Wed Mar 13 10:29:05 EST 2002
> I don't want snort to alert me when somebody pings something, what should
> disable-icmp.rules, or icmp-info-rules, or both?
These files include signatures that detect activity beyond "pings". I would
recommend reviewing the contents of "icmp.rules" and "icmp-info.rules"
before remarking them out of your snort.conf file completely. During your
review if you find a rule (i.e "ICMP PING Windows" or "ICMP PING") that you
wish to ignore, then remark it or delete it..
More information about the Snort-users