[Snort-users] Snort isn't alerting on some IPs
nouaresmail at ...11827...
Sat Dec 17 19:18:25 EST 2016
I installed and configured snort on windows and installed the latest snort
i have a tcpdump file that contains suspicious icmp traffic from source IP
but snort did not alert on it.
i added my own rule in local rules: alert icmp 188.8.131.52 any -> any any (msg:
"possible pod attack" ; sid:10000001; )
but also did not alert on it.
i tried also: alert ip 184.108.40.206 any -> any any (msg: "possible pod attack" ;
sid:10000001; ) and sill did not alert.
any one hase any idea about this ?? please it's urgent.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users