[Snort-users] snort classification Question

mohamad hosein jafari smhjafari68 at ...11827...
Sat Aug 25 01:52:35 EDT 2012


yes  waldo  I said before . Snort  alert classify description is good but I
need more information .
for example :
one classify is "icmp-event   " and this description is :  Generic ICMP
event " . but I want to know more information  about this for example what
kind of ICMP event is in this classify? Or why this is one classify ? Or
for example " non standard procol" or so no .

Thanks

On Fri, Aug 24, 2012 at 6:48 AM, waldo kitty <wkitty42 at ...14940...>wrote:

> On 8/23/2012 01:18, mohamad hosein jafari wrote:
>
>> thanks james
>>
>>
>> yes joel but I said before that I need more information than that
>> description
>>
>
> what, in those descriptions, is not clear? they are it... really... they
> are what all implementers and rule creators have to go by... there is and
> has never been anything else ;)
>
> what am i missing? possibly a language barrier?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120825/21f0c2ea/attachment.html>


More information about the Snort-users mailing list