[Snort-users] snort classification Question
wkitty42 at ...14940...
Sat Aug 25 16:10:33 EDT 2012
On 8/25/2012 01:52, mohamad hosein jafari wrote:
> yes waldo I said before . Snort alert classify description is good but I need
> more information .
ok... let's look...
> for example :
> one classify is "icmp-event" and this description is : Generic ICMP event " .
> but I want to know more information about this for example what kind of ICMP
> event is in this classify?
to me /ALL/ ICMP events would have this classification...
> Or why this is one classify ? Or for example " non
> standard procol" or so no .
i'd have to see what might be using this classification to tell more...
> On Fri, Aug 24, 2012 at 6:48 AM, waldo kitty <wkitty42 at ...14940...
> <mailto:wkitty42 at ...14940...>> wrote:
> On 8/23/2012 01:18, mohamad hosein jafari wrote:
> thanks james
> yes joel but I said before that I need more information than that
> what, in those descriptions, is not clear? they are it... really... they are
> what all implementers and rule creators have to go by... there is and has
> never been anything else ;)
> what am i missing? possibly a language barrier?
More information about the Snort-users