[Snort-users] PP not ignoring ICMP

Agus agus.262 at ...11827...
Fri Apr 8 18:31:29 EDT 2011


Great.. I first tried to put only icmp; that would be the category?
But nothing happened. How can I ignore all icmp? Is there a way?
Then I saw they were info but must have forgotten.

Thanks JJ

2011/4/8 JJC <cummingsj at ...11827...>:
> Those rules don't live in icmp.rules, they live in icmp-info.rules, so you
> would have to also ignore icmp-info.rules.
>
> JJC
>
> On Fri, Apr 8, 2011 at 4:13 PM, Agus <agus.262 at ...11827...> wrote:
>>
>> Hey JJ..
>>
>> These ones
>>
>> [1:368:6] ICMP PING BSDtype  [Classification: Misc activity] [Priority: 3]: {ICMP}
>> [1:369:6] ICMP PING BayRS Router  [Classification: Misc activity] [Priority: 3]: {ICMP}
>> [1:373:6] ICMP PING Flowpoint2200 or Network Management Software [Classification: Misc activity] [Priority: 3]: {ICMP}
>>
>> Thanks
>>
>> 2011/4/8 JJC <cummingsj at ...11827...>:
>> > What SIDs were you seeing fire?
>> >
>> > On Fri, Apr 8, 2011 at 3:59 PM, JJC <cummingsj at ...11827...> wrote:
>> >>
>> >> I'll test right quick and let you know what I find... that error just
>> >> indicates that you have an outdated LWP::UserAgent Perl module, should not
>> >> affect the area that you are having issues with.
>> >>
>> >> JJC
>> >>
>> >> On Fri, Apr 8, 2011 at 3:53 PM, Agus <agus.262 at ...11827...> wrote:
>> >>>
>> >>> Hi guys,
>> >>>
>> >>> I can't make PP ignore icmp rules. I'm running PP-060. snort 2.9.0.3
>> >>>
>> >>> I have this line in my pulledpork.conf
>> >>>
>> >>>
>> >>> ignore=deleted.rules,experimental.rules,local.rules,icmp.rules,emerging-drop-BLOCK,emerging-compromised-BLOCK,emerging-dshield-BLOCK,emerging-botcc-BLOCK,emerging-rbn-BLOCK,emerging-tor-BLOCK
>> >>>
>> >>> I have also tried with icmp only and same issue. Still getting the
>> >>> icmp alerts and seeing them in the snort.rules.
>> >>>
>> >>> pulledpork.pl -n -c etc/pulledpork.conf -T -v
>> >>> shows:
>> >>>        ignore = deleted.rules,experimental.rules,local.rules,icmp.rules,emerging-drop-BLOCK,emerging-compromised-BLOCK,emerging-dshield-BLOCK,emerging-botcc-BLOCK,emerging-rbn-BLOCK,emerging-tor-BLOCK
>> >>>
>> >>> Then it gives me an error, probably something with the Perl module.
>> >>> Can't locate object method "show_progress" via package "LWP::UserAgent" at ./pulledpork.pl line 1651.
>> >>>
>> >>> Still ICMP rules in snort.rules
>> >>>
>> >>> Any thoughts?
>> >>>
>> >>> Cheers
>> >>>
>> >>
>> >
>> >
>
>
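
The check JJC's reply implies, as an added example that is not part of the original thread: look up which rule file defines each alerting SID, then test that file name against the ignore= list. The directory layout, the simplified rule bodies, SID 1000001 and the whole-name comparison of ignore entries are assumptions made for the illustration.

```shell
# Added example: find which rule file holds each alerting SID, then check
# that file against the ignore= list from pulledpork.conf.

# Print the basename of the .rules file in directory $1 that defines SID $2.
sid_to_file() {
    local f
    f=$(grep -lE "sid:[[:space:]]*$2;" "$1"/*.rules 2>/dev/null | head -n 1)
    [ -n "$f" ] && basename "$f"
}

# Return 0 if file name $2 is an exact entry of the comma-separated list $1.
# Assumption: entries are compared as whole file names.
in_ignore_list() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed rules directory; rule bodies are simplified, not the real rule text.
make_sample_rules() {
    local d
    d=$(mktemp -d)
    echo 'alert icmp any any -> any any (msg:"constructed rule"; sid:1000001; rev:1;)' > "$d/icmp.rules"
    cat > "$d/icmp-info.rules" <<'EOF'
alert icmp any any -> any any (msg:"ICMP PING BSDtype"; sid:368; rev:6;)
alert icmp any any -> any any (msg:"ICMP PING BayRS Router"; sid:369; rev:6;)
alert icmp any any -> any any (msg:"ICMP PING Flowpoint2200 or Network Management Software"; sid:373; rev:6;)
EOF
    echo "$d"
}

# For each SID after the first two arguments, print: SID FILE ignored|NOT-ignored
report() {
    local dir="$1" ignore="$2" sid file
    shift 2
    for sid in "$@"; do
        file=$(sid_to_file "$dir" "$sid") || file="not-found"
        if in_ignore_list "$ignore" "$file"; then
            echo "$sid $file ignored"
        else
            echo "$sid $file NOT-ignored"
        fi
    done
}

RULES_DIR=$(make_sample_rules)
report "$RULES_DIR" "deleted.rules,experimental.rules,local.rules,icmp.rules" 368 369 373
rm -rf "$RULES_DIR"
```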