Snort mailing list archives
Re: geting this rule to work
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 01 Dec 2012 11:31:34 -0500
On 11/30/2012 16:37, Akinwale Fasuru wrote:
Hello, Here is what i came up with: alert icmp any any -> any any (msg:"Traceroute command attempted"; itype:<30; icode:<30; ttl:<30; sid:1000007) it seem to work.
now test again with a simple ping and see what happens ;)
But i need to write same rule for Windows OS, is it going to be the same thing or what needs to be changed?
networking is networking is networking... you can't really write OS specific rules for general tasks like networking... ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What's next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- geting this rule to work Akinwale Fasuru (Nov 29)
- Re: geting this rule to work Jeremy Hoel (Nov 29)
- Re: geting this rule to work Giles Coochey (Nov 29)
- Re: geting this rule to work Jeremy Hoel (Nov 29)
- Re: geting this rule to work Marcos Rodriguez (Nov 29)
- Re: geting this rule to work Jeremy Hoel (Nov 29)
- Re: geting this rule to work Giles Coochey (Nov 29)
- Re: geting this rule to work Marcos Rodriguez (Nov 29)
- Re: geting this rule to work waldo kitty (Nov 29)
- Re: geting this rule to work Akinwale Fasuru (Nov 30)
- Re: geting this rule to work JJC (Dec 01)
- Re: geting this rule to work waldo kitty (Dec 01)
- Re: geting this rule to work Jeremy Hoel (Dec 02)
- Re: geting this rule to work Jeremy Hoel (Nov 29)
- <Possible follow-ups>
- Re: geting this rule to work Y M (Nov 29)