[Snort-users] snort classification Question

waldo kitty wkitty42 at ...14940...
Sat Aug 25 16:10:33 EDT 2012


On 8/25/2012 01:52, mohamad hosein jafari wrote:
> yes waldo, I said before. Snort alert classify description is good but I need
> more information.

ok... let's look...

> for example :
> one classify is "icmp-event" and this description is: "Generic ICMP event".

ok...

> but I want to know more information about this, for example what kind of ICMP
> event is in this classify?

to me /ALL/ ICMP events would have this classification...

> Or why this is one classify? Or for example "non
> standard protocol" or so on.

i'd have to see what might be using this classification to tell more...

>
> Thanks
>
> On Fri, Aug 24, 2012 at 6:48 AM, waldo kitty <wkitty42 at ...14940...
> <mailto:wkitty42 at ...14940...>> wrote:
>
>     On 8/23/2012 01:18, mohamad hosein jafari wrote:
>
>         thanks james
>
>
>         yes joel but I said before that I need more information than that
>         description
>
>
>     what, in those descriptions, is not clear? they are it... really... they are
>     what all implementers and rule creators have to go by... there is and has
>     never been anything else ;)
>
>     what am i missing? possibly a language barrier?
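
Added example, not part of the original post or of the Snort distribution: since the reply says more could be told by seeing what uses a classification, this Python sketch groups enabled rules by their `classtype` and flags any classtype that the classification config does not define. The config lines and rules below are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in classification.config syntax:
#   config classification: <short name>,<description>,<priority>
CLASSIFICATION_CONFIG = """\
config classification: icmp-event,Generic ICMP event,3
config classification: non-standard-protocol,Detection of a non-standard protocol or event,2
"""

# Constructed rules for illustration only (local sid range).
RULES = """\
alert icmp any any -> $HOME_NET any (msg:"LOCAL echo request"; itype:8; classtype:icmp-event; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"LOCAL timestamp request"; itype:13; classtype:icmp-event; sid:1000002; rev:1;)
# alert icmp any any -> any any (msg:"LOCAL disabled"; classtype:icmp-event; sid:1000003; rev:1;)
alert ip any any -> $HOME_NET any (msg:"LOCAL experimental IP protocol"; ip_proto:253; classtype:non-standard-protocol; sid:1000004; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"LOCAL misspelled classtype"; classtype:icmp-evnt; sid:1000005; rev:1;)
"""

CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),(.*),\s*(\d+)\s*$")

def parse_classifications(text):
    """Map short name -> (description, priority)."""
    classes = {}
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            classes[m.group(1).strip()] = (m.group(2).strip(), int(m.group(3)))
    return classes

def rules_by_classtype(text):
    """Map classtype -> [(sid, msg)] for enabled (uncommented) rules."""
    used = defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        ct = re.search(r"\bclasstype:\s*([^;]+);", line)
        sid = re.search(r"\bsid:\s*(\d+)\s*;", line)
        msg = re.search(r'\bmsg:\s*"([^"]*)"', line)
        if ct and sid:
            used[ct.group(1).strip()].append((int(sid.group(1)), msg.group(1) if msg else ""))
    return dict(used)

def undefined_classtypes(classes, used):
    """Classtypes referenced by rules but missing from the config."""
    return sorted(set(used) - set(classes))

if __name__ == "__main__":
    classes, used = parse_classifications(CLASSIFICATION_CONFIG), rules_by_classtype(RULES)
    for name, (desc, prio) in classes.items():
        print(f"{name} ({desc}, priority {prio}): {used.get(name, [])}")
    print("undefined:", undefined_classtypes(classes, used))
```

Pointed at a real classification file and rule set, the per-classtype listing shows what a short description such as "Generic ICMP event" covers in practice, since the `msg` of each rule carries the detail the classification itself does not.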




