[Snort-users] Commented rule triggering alerts

Joao Daniel Neves joaodanielnevesss at ...125...
Wed Apr 10 15:54:07 EDT 2013


Hi,

I have a lot of ICMP/Ping alerts. So I decided to remove the rule that was triggering those alerts. The sid of the rule is 381.
I did the following:

cd /etc/snort/rules

grep -wril 'sid:381' ./*
./icmp-info.rules

vim icmp-info.rules

I found the line and then commented it by placing a "#" at the beginning of the line. I stopped Snort and then started it again.

And I still get alerts for that SID. What can I do to solve it?
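
Added example, not part of the original post: a shell check that lists every uncommented rule line carrying a given sid under a rules directory, including the "sid: 381;" spelling that a grep for 'sid:381' does not match. The function names and the sample rule files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# List every ACTIVE (uncommented) rule line that carries a given sid.
# Usage: active_sid_rules <rules_dir> <sid>
# Limitation: a rule split over several lines with "\" is matched only if
# the sid option sits on the rule's first physical line.
active_sid_rules() {
    dir=$1
    sid=$2
    # The first non-blank character must not be '#'. The sid option may be
    # written "sid:381;" or "sid: 381 ;". Requiring the trailing ';' keeps
    # sid 381 from matching sid 3810.
    grep -rnE "^[[:space:]]*[^#[:space:]].*[(;[:space:]]sid[[:space:]]*:[[:space:]]*${sid}[[:space:]]*;" "$dir"
}

# Constructed sample rule set (not rules from any real distribution).
make_sample_rules() {
    d=$(mktemp -d)
    cat > "$d/icmp-info.rules" <<'EOF'
# alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"sample ping"; sid:381; rev:1;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"other sample"; sid:3810; rev:1;)
EOF
    cat > "$d/local.rules" <<'EOF'
alert icmp any any -> any any (msg:"sample copy"; sid: 381; rev:2;)
EOF
    echo "$d"
}

# Demo run: the commented copy and sid 3810 are skipped, the copy in
# local.rules is reported as file:line:rule.
sample_dir=$(make_sample_rules)
active_sid_rules "$sample_dir" 381 || echo "no active rule with that sid"
rm -rf "$sample_dir"
```

Pointed at the real rules directory, an empty result means no uncommented single-line rule with that sid remains in any file under it.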

