[Snort-users] geting this rule to work

waldo kitty wkitty42 at ...14940...
Sat Dec 1 11:31:34 EST 2012


On 11/30/2012 16:37, Akinwale Fasuru wrote:
> Hello,
>
> Here is what i came up with:
> alert icmp any any ->  any any (msg:"Traceroute command attempted"; itype:<30; icode:<30; ttl:<30; sid:1000007)
> it seem to work.

now test again with a simple ping and see what happens ;)

>   But i need to write same rule for Windows OS, is it going to be the same thing or what needs to be changed?

networking is networking is networking... you can't really write OS specific 
rules for general tasks like networking...





More information about the Snort-users mailing list