[Snort-users] oinkmaster.conf enterred disablesid - get enbalbed

Snortty cwcwcwg at ...131...
Tue Dec 16 12:51:01 EST 2003


Hi, All;

I tried to diable some rules by put # in frot of the
rule (here is in the icmp.rule file), and enter it in
the oinkmaster.conf at the bottom of the file as: 

disablesid 485

Then, I just run it simply:

oinkmaster-0.8# oinkmaster.pl -o
/snort/snort-2.0.1/rules/

to see if the change in rule.icmp will be overwritten.


It got overwritten after I run it, and output shows: 

[+++]         Enabled rules:         [+++]

     -> Enabled in icmp.rules (1):
        alert icmp any any -> any any (msg:"ICMP
Destination Unreachable (Communication
Administratively Prohibited)"; itype: 3; icode: 13;
sid:485;  classtype:misc-activity; rev:2;)

This is the rule I put # in front of alert, and in the
oinkmaster.conf with SID number, now it's enabled
after I run oinkmaster.pl. 

Did I miss anything, anyone please?

Thanks a LOT!
SW. 


__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/




More information about the Snort-users mailing list