[Snort-users] Snort isn't alerting on some IPs

Nouar Ismail nouaresmail at ...11827...
Sat Dec 17 19:18:25 EST 2016


Hello,
I installed and configured Snort on Windows and installed the latest Snort
rule set.
I have a tcpdump file that contains suspicious ICMP traffic from source IP
1.2.3.4, but Snort did not alert on it.
I added my own rule in local rules:
alert icmp 1.2.3.4 any -> any any (msg: "possible pod attack" ; sid:10000001; )
but it also did not alert on it.
I also tried:
alert ip 1.2.3.4 any -> any any (msg: "possible pod attack" ; sid:10000001; )
and it still did not alert.
Does anyone have any idea about this? Please, it's urgent.
Thank you.