[Snort-users] ignore ping
Roberto Suarez Soto
robe at ...3881...
Mon May 27 02:40:02 EDT 2002
On May/24, Jim Williams wrote:
> I am running snort on one end of a vpn and also have a recurring ping
> through the tunnel. Is there a way to have snort ignore the ping
> source? Then host is part of $HOME_NET.
The quickest and safest (IMHO) way is to create a rule that ignores
icmp just from the remote to the local IP. That's the way I'd do it, at least
Roberto Suarez Soto Alfa21 Outsourcing
robe at ...3881... http://www.alfa21.com
More information about the Snort-users