[Snort-users] Commented rule triggering alerts
jesler at ...1935...
Wed Apr 10 16:03:52 EDT 2013
On Apr 10, 2013, at 3:54 PM, Joao Daniel Neves <joaodanielnevesss at ...125...> wrote:
> I have a lot of ICMP/Ping alerts. So I decided to remove the rule that was triggering those alerts. The sid of the rule is 381.
> I did the following:
> cd /etc/snort/rules
> grep -wril 'sid:381' ./*
> vim icmp-info.rules
> I found the line and then commented it by placing a "#" in the beginning of the line. I stopped Snort and then started it again.
> And I still get alerts for that SID. What can I do to solve it?
Are you using pulledpork?
Senior Research Engineer, VRT
OpenSource Community Manager
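
A check for the situation in the quoted message, added here as an example and not part of either poster's message: it lists every rule line under a rules directory that still carries a given SID and is not commented out. The function names, the sample rule text and the file name other.rules are constructed for illustration.

```shell
#!/bin/sh
# List every rule line that still carries the given SID and is NOT commented out.
# Usage: active_sid_rules <rules_dir> <sid>
# Output format: <file>:<line number>:<rule text>
active_sid_rules() {
    rules_dir=$1
    sid=$2
    # -r: recurse, -n: show line numbers, -E: extended regex.
    # The trailing ';' is required, so sid:381 does not match sid:3810.
    grep -rnE "sid:[[:space:]]*${sid}[[:space:]]*;" "$rules_dir" 2>/dev/null |
        # Drop hits whose rule text starts with '#' (disabled rules).
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#'
}

# Constructed sample: the same SID in two files, commented out in only one.
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        '# alert icmp any any -> any any (msg:"constructed ping rule"; sid:381; rev:1;)' \
        > "$d/icmp-info.rules"
    printf '%s\n' \
        'alert icmp any any -> any any (msg:"constructed ping rule"; sid:381; rev:1;)' \
        'alert icmp any any -> any any (msg:"constructed other rule"; sid:3810; rev:1;)' \
        > "$d/other.rules"
    active_sid_rules "$d" 381
    rm -rf "$d"
}

demo
```

Any line it prints is a copy of the rule that Snort will still load if that file is included by the running configuration.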