[Snort-users] SUMMARY, CyberKit 2.2 Ping, its driven me Nuts..

Brice B nesta at ...10862...
Wed Dec 31 18:21:02 EST 2003


Chris,

  would you mind telling us how you set it to alert only internal 
Cyberkit/Nachi ping attempts? Did you use thresholding?

Regards,

  Brice Burgess

Chris N wrote:

>Fellowship of the Snort,
>
>I guess I should have clarified that all the "CyberKit 2.2 Ping" alerts were
>ingress only.
>
>Some of you guys suggested just removing the alert. Yes that would stop the
>chaos, but I didn't want to blind myself. Although, I do have to admit I was
>leaning this way.
>
>With the advice from a few others I decided to keep the rule, but with a
>slight modification to alert me on egress only. I am only really concerned
>about systems within my network. Yes, keeping track of this traffic from the
>outside would be a good idea, but in my environment it's not feasible.
>Someday, when I'm questioned about the necessity of an IDS, I will switch
>this alert and a few others back to saturate, so as to subdue the
>misinformed.
>
>Thank you for your time
>Chris N.