[Snort-users] CyberKit 2.2 Ping, its driven me Nuts..

Matthew L. McCarty matthew at ...10792...
Mon Dec 29 11:25:02 EST 2003


This rule is also triggered if you use any of the services offered by 
www.ineto.com

So I would imagine there may be other services that trigger this alert.

I received thousands and thousands a day -- so I disabled the rule on incoming 
traffic.

On Monday 29 December 2003 12:22, Thompson, Jimi wrote:
> All,
>
> My personal preference is to re-write the rule to ignore external traffic.
> I tend to block all PING traffic at the firewall.  I can't think of a good
> reason that anyone would need to ping anything that's on my network.  If
> you have something infected on your internal network, you should a) know
> about it and b) fix it so completely disabling the rule really isn't an
> option to me.
>
> You can do this by reversing the "$EXTERNAL_NET any -> $HOME_NET" portion
> of the rule to read "$HOME_NET any -> $EXTERNAL_NET" and adding a copy of
> the rule ("$HOME_NET any -> $HOME_NET") to show traffic on your local
> network. These two should cause SNORT to catch any outbound or local
> traffic allowing you to clean up your network and make better use of your
> bandwidth.
>
> HTH,
>
> Jimi
>
> -----Original Message-----
> From: Chris N [mailto:chris.northrop at ...406...]
> Sent: Monday, December 29, 2003 12:52 PM
> To: snort-users at lists.sourceforge.net;
> snort-users-admin at lists.sourceforge.net
> Subject: [Snort-users] CyberKit 2.2 Ping, its driven me Nuts..
>
> Fellow Snorters,
>
> Ok, I have had enough of this "CyberKit 2.2 Ping." How are some of you guys
> dealing with it? Do you just ignore(pass), log every one, or go and try to
> shut the offending hosts down? Although, trying to shutdown all the
> offending host could be a daunting task, since there are so dam many.
>
> Chris
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Matthew L. McCarty
Rare Earth Strategies Group Inc.
www.rareearthstrategies.com
(405)209-9598

Bringing IT solutions to your business through innovative strategies.





More information about the Snort-users mailing list