Snort mailing list archives
How to Write Snort Rules and Keep Your Sanity...
From: "Hever C. Rocha - N.O.C" <hever () itcbrasil com br>
Date: Wed, 13 Mar 2002 10:03:16 -0300
Hi Snort Users,

I am trying to create some rules for the following condition: I have a network 1.1.1.1/20 (bogus IP!), and I want all ICMP pings from this network not to be recorded in my SQL database; however, I want the ICMP pings from another network to be recorded.

I know that I have to use the "pass rules", but my rules are not working...

ex: my local.rules

    pass icmp any any <> 1.1.1.1/20 any   (not working)
    pass icmp any any -> 1.1.1.1/20 any   (not working)

For now I have disabled the "ICMP ping" and "ICMP ping undefined" code rule sets, but that is not ideal...

Suggestions????

Best Regards from Bahia/Brasil

Hever Costa Rocha
N.O.C
55 (73) 234-3029
55 (73) 9133-0107
email: hever () itcbrasil com br
www.itcbrasil.com.br
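An added example, not part of the original post and not Snort code: a small Python model of Snort rule-header matching that shows which directions of ICMP traffic the two posted pass headers cover. The third header (from_net), the packet addresses and all function names are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Header(NamedTuple):
    action: str
    proto: str
    left: str    # address left of the direction operator
    op: str      # "->" or "<>"
    right: str

def parse_header(rule: str) -> Header:
    """Parse 'action proto addr port op addr port' (ports ignored for ICMP)."""
    action, proto, left, _lport, op, right, _rport = rule.split()
    if op not in ("->", "<>"):
        raise ValueError(f"unsupported direction operator: {op}")
    return Header(action, proto, left, op, right)

def in_net(ip: str, spec: str) -> bool:
    """'any' matches all; strict=False masks host bits (1.1.1.1/20 -> 1.1.0.0/20)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def matches(h: Header, proto: str, src: str, dst: str) -> bool:
    if proto != h.proto:
        return False
    forward = in_net(src, h.left) and in_net(dst, h.right)
    reverse = h.op == "<>" and in_net(src, h.right) and in_net(dst, h.left)
    return forward or reverse

# The two headers from the post, plus a hypothetical source-anchored one.
RULES = {
    "post_bidir": "pass icmp any any <> 1.1.1.1/20 any",
    "post_to_net": "pass icmp any any -> 1.1.1.1/20 any",
    "from_net": "pass icmp 1.1.1.1/20 any -> any any",  # assumption, not from the post
}
# Constructed packets: (proto, src, dst); outside hosts use documentation ranges.
PACKETS = {
    "local_ping_out": ("icmp", "1.1.5.9", "192.0.2.10"),
    "remote_ping_in": ("icmp", "198.51.100.7", "1.1.2.3"),
    "local_to_local": ("icmp", "1.1.5.9", "1.1.2.3"),
}

def coverage() -> dict:
    """Map each rule name to the sorted packet names its header matches."""
    return {name: sorted(p for p, pkt in PACKETS.items()
                         if matches(parse_header(rule), *pkt))
            for name, rule in RULES.items()}

if __name__ == "__main__":
    for name, hits in coverage().items():
        print(f"{name:12} {RULES[name]:38} {hits}")
```

Header matching is only one factor: Snort's default evaluation order is alert, pass, log, and the -o command-line option changes it to pass, alert, log.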
Current thread:
- How to Write Snort Rules and Keep Your Sanity... Hever C. Rocha - N.O.C (Mar 13)
- Re: How to Write Snort Rules and Keep Your Sanity... Chris Green (Mar 13)
- Re: How to Write Snort Rules and Keep Your Sanity... Andreas Hasenack (Mar 13)