Snort mailing list archives
Re: icmp-info.rules
From: Erek Adams <erek () snort org>
Date: Thu, 20 Feb 2003 15:21:39 -0500 (EST)
On Thu, 20 Feb 2003, Petreski, Samuel wrote:
I have installed and configured SNORT, the only main problem that I have is when I enable the icmp-info.rules rule it picks up also the pings from my monitoring server. In a way this is great to know that it works, but also very annoying? Any help would be greatly appreciated!
Right. That's why the icmp-info.rules file is _not_ enabled in the default distro. If you want/need it on, then you need to learn how to ignore that traffic from that host. It's been covered here more times than I could count. Please have a look at this email [0] for more info. That should get you fixed. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://www.theadamsfamily.net/~erek/snort/ignore.txt ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- icmp-info.rules Petreski, Samuel (Feb 20)
- Re: icmp-info.rules Erek Adams (Feb 20)
- Re: icmp-info.rules James-lists (Feb 20)
- Custom syn flood rule webcatalog (Feb 20)
- <Possible follow-ups>
- Re: icmp-info.rules pro0digy (Feb 21)