[Snort-users] Snort isn't alerting on some IPs

wkitty42 at ...14940...
Sun Dec 18 10:07:18 EST 2016

On 12/17/2016 07:18 PM, Nouar Ismail wrote:
> Hello
> I installed and configured Snort on Windows and installed the latest Snort rules
> set.
> I have a tcpdump file that contains suspicious ICMP traffic from source IP
> but Snort did not alert on it.
> I added my own rule in local rules: alert icmp any -> any any (msg:
> "possible pod attack" ; sid:10000001; )
> but it also did not alert on it.
> I also tried: alert ip any -> any any (msg: "possible pod attack" ;
> sid:10000001; ) and it still did not alert.
> Anyone has any idea about this?? Please, it's urgent.

you haven't posted your command line or your config file...

eWAG: add "-k none" to your command line sans quotes...

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
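
Added example, not part of the original post or of Snort: the -k option sets Snort's checksum mode, and with the default mode packets whose checksums fail verification are not inspected, so "-k none" matters when a capture holds packets with bad checksums. The sketch below verifies the IPv4 header and ICMP checksums of raw IPv4 packets; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp_echo(src: str, dst: str, payload: bytes, good: bool = True) -> bytes:
    """Build a constructed IPv4 ICMP echo request (sample data, not real traffic).
    good=False leaves the ICMP checksum at 0, as a broken or offloaded capture might."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + payload
    csum = inet_checksum(icmp) if good else 0
    icmp = icmp[:2] + struct.pack("!H", csum) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp

def check_packet(pkt: bytes) -> dict:
    """Verify the IPv4 header checksum and, for ICMP, the ICMP checksum.
    A region that includes a correct checksum field sums to 0."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    result = {"ip_ok": inet_checksum(pkt[:ihl]) == 0, "icmp_ok": None}
    if pkt[9] == 1:  # IP protocol 1 = ICMP
        result["icmp_ok"] = inet_checksum(pkt[ihl:total_len]) == 0
    return result

def fails_checksum(pkt: bytes) -> bool:
    """True if the packet would fail IP or ICMP checksum verification."""
    r = check_packet(pkt)
    return (not r["ip_ok"]) or r["icmp_ok"] is False

if __name__ == "__main__":
    # Constructed samples using documentation addresses (192.0.2.0/24).
    samples = {
        "valid": build_icmp_echo("192.0.2.10", "192.0.2.20", b"abcd"),
        "bad icmp checksum": build_icmp_echo("192.0.2.10", "192.0.2.20", b"abcd", good=False),
    }
    for name, pkt in samples.items():
        print(name, check_packet(pkt), "fails:", fails_checksum(pkt))
```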
