[Snort-users] how enable icmp snort-2.9.6.1

Y M snort at ...15979...
Fri Jun 20 13:23:35 EDT 2014


This is not an error, this is the ASCII representation of your alert. The signature sid:477 was matched and alerted upon.
YM

Date: Fri, 20 Jun 2014 17:18:14 +0100
From: coelho.hernani at ...16858...
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] how enable icmp snort-2.9.6.1


  
    
  
  
    

    Em 19-06-2014 20:06, waldo kitty
      escreveu:

    
    
      On 6/19/2014 9:20 AM, hernani wrote:

      
        *i dont need something in stream5_global for ip?

      
      yes, you do...

 > preprocessor stream5_global: track_tcp yes, \
 >      track_udp yes, \
 >      track_icmp yes, \
        track_ip yes, \
 >      max_tcp 262144, \

http://manual.snort.org/node73.html

it is recommended that you utilize the above URL pages as completely as you 
can... they contain all the docs for the current snort... node1 is, of course, 
the beginning ;)

    
    hello,

    

     i make progress 

    

    in barnyard2 now detect icmp but give me this ---> 
    06/20-17:07:46.151595  [**] [1:477:3] DELETED ICMP Source Quench
    [**]

    

    can someone help me with this error?

    

    thanks 

    

    hernani

  


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news! 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140620/1899d865/attachment.html>


More information about the Snort-users mailing list