[Snort-users] ignore ping

Roberto Suarez Soto robe at ...3881...
Mon May 27 02:40:02 EDT 2002


On May/24, Jim Williams wrote:

> I am running snort on one end of a vpn and also have a recurring ping
> through the tunnel.  Is there a way to have snort ignore the ping
> source?  Then host is part of $HOME_NET.

	The quickest and safest (IMHO) way is to create a rule that ignores
icmp just from the remote to the local IP. That's the way I'd do it, at least
:-)

-- 
Roberto Suarez Soto					Alfa21 Outsourcing
    robe at ...3881...				     http://www.alfa21.com




More information about the Snort-users mailing list