[Snort-users] Commented rule triggering alerts

Y M snort at ...15979...
Wed Apr 10 16:20:26 EDT 2013


Which ruleset are you using? icmp-info.rules and icmp.rules have been consolidated under a new rules file with the name: protocol-icmp.rules
________________________________
From: Joao Daniel Neves<mailto:joaodanielnevesss at ...125...>
Sent: 4/10/2013 10:54 PM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] Commented rule triggering alerts

Hi,

I have a lot of ICMP/Ping alerts. So I decided to remove the rule that was triggering those alerts. The sid of the rule is 381.
I did the following:

cd /etc/snort/rules

grep -wril 'sid:381' ./*
./icmp-info.rules

vim icmp-info.rules

I found the line and then commented it by placing a "#" at the beginning of the line. I stopped Snort and then started it again.

And I still get alerts for that SID. What can I do to solve it?
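
Added example, not part of the original thread: the grep above covers only /etc/snort/rules, while Snort loads whichever files snort.conf includes, so this script lists every uncommented rule carrying a given SID across those included files. It assumes a Snort 2.x style config with `var RULE_PATH` and `include` lines; the function names and the fixture rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). find_active_sid and make_fixture are
# hypothetical helper names; the config layout is an assumed Snort 2.x one.

# Print "file:line" for every uncommented rule with the given SID in the
# rule files that the given snort.conf actually includes.
find_active_sid() {
    conf=$1 sid=$2
    conf_dir=$(dirname "$conf")
    # "var RULE_PATH <dir>"; fall back to the config's own directory.
    rule_path=$(awk '$1 == "var" && $2 == "RULE_PATH" { print $3; exit }' "$conf")
    [ -n "$rule_path" ] || rule_path=.
    case $rule_path in /*) ;; *) rule_path="$conf_dir/$rule_path" ;; esac
    # Only uncommented "include <file>" lines name files Snort will load.
    awk '$1 == "include" { print $2 }' "$conf" | while read -r inc; do
        file=$(printf '%s\n' "$inc" | sed "s|[$]RULE_PATH|$rule_path|")
        case $file in /*) ;; *) file="$conf_dir/$file" ;; esac
        [ -f "$file" ] || continue
        # Skip comment lines; require "sid:<n>;" so 381 does not match 3810.
        awk -v sid="$sid" -v f="$file" '
            !/^[ \t]*#/ && $0 ~ ("sid:[ \t]*" sid "[ \t]*;") { print f ":" FNR }
        ' "$file"
    done
}

# Constructed fixture: SID 381 is commented out in icmp-info.rules but still
# active in protocol-icmp.rules, which the config also includes.
make_fixture() {
    d=$(mktemp -d)
    mkdir "$d/rules"
    printf '%s\n' 'var RULE_PATH rules' \
        'include $RULE_PATH/icmp-info.rules' \
        'include $RULE_PATH/protocol-icmp.rules' \
        '# include $RULE_PATH/local.rules' > "$d/snort.conf"
    echo '# alert icmp any any -> any any (msg:"constructed ping"; sid:381; rev:1;)' \
        > "$d/rules/icmp-info.rules"
    printf '%s\n' \
        'alert icmp any any -> any any (msg:"constructed other"; sid:3810; rev:1;)' \
        'alert icmp any any -> any any (msg:"constructed ping"; sid:381; rev:2;)' \
        > "$d/rules/protocol-icmp.rules"
    echo "$d"
}

# Demo on the constructed fixture; on a sensor, pass the path of its snort.conf.
fixture=$(make_fixture)
find_active_sid "$fixture/snort.conf" 381
rm -rf "$fixture"
```

Any line it prints is a rule that will still fire after the copy in icmp-info.rules has been commented out.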