[Snort-users] ICMP Ping NMAP troubleshooting

Stephen W. Thomas swthomas at ...9227...
Tue May 20 06:39:11 EDT 2003

That would be another option. Of course, the example uses a source as the one you want to ignore/filter, and in my case I don't want to ignore all of our servers as the source; rather, I want to ignore the one server as the destination. I was thinking about modifying the ICMP Ping NMAP rule to read something like "alert xxxx $EXTERNAL_NET any -> $HOME_NET !foo"
The one question I have with this is: will it get overwritten when Acid updates the rules?

	-----Original Message----- 
	From: Erek Adams [mailto:erek at ...950...] 
	Sent: Tue 5/20/2003 8:31 AM 
	To: Stephen W. Thomas 
	Cc: snort-users at lists.sourceforge.net 
	Subject: Re: [Snort-users] ICMP Ping NMAP troubleshooting

	On Tue, 20 May 2003, Stephen W. Thomas wrote:
	> A. Ignore the thousands of hits it gets
	> B. Disable that one rule for the one destination.
	And two other ways:
	Erek Adams
	   "When things get weird, the weird turn pro."   H.S. Thompson
