Snort mailing list archives
Re: Snort Rules Enquiry
From: Jamie Riden <jamie.riden () gmail com>
Date: Tue, 26 May 2015 07:40:55 +0100
There should be some content that looks like this - not this itself, I stole it from fwsnort - but you get the general idea.

#alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP IRDP router advertisement"; itype:9; reference:arachnids,173; reference:bugtraq,578; reference:cve,1999-0875; classtype:misc-activity; sid:363; rev:7;)

Obviously, uncommenting it is left as an (easy) exercise for the reader. If 2973 seems to be empty, try grabbing an older version.

cheers,
Jamie

On 26 May 2015 at 06:16, Diego Batigoal <diegobatigoal () yahoo com au> wrote:
Hi,

Just got stuck in the setup of the pdf CEH Lab Manual Page 860-861. I have downloaded the Snort 2973 and also downloaded the snortrules-snapshot-2973.tar rules but the rules all seem to be empty, containing just the copyright information. I have configured snort but I need to enable detection rules in the snort rule file. I am walking through the CEH lab and I am stuck at enabling the ICMP rule. I have the file icmp-info.rules in C:\Snort\rules. I only see this when I open the file:

# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
# GNU General Public License (GPL), v2.
#
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
#
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#-----------------
# ICMP-INFO RULES
#-----------------

I am supposed to uncomment an alert in the file, which should contain lots of alerts commented out. But mine doesn't seem to have that content. What can I do in this phase?
Regards,
Diego
--
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden
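The check Jamie suggests can be done without opening each file by hand. The following script is an added example, not code from this thread or from the Snort project: it parses a rules file, reports which rules are live and which are commented out (a file whose only lines are license comments yields no rules at all, which is Diego's symptom), and enables a rule by its sid. The sample file content is constructed for the example, modelled on the IRDP rule quoted above; the second rule (sid 1000001) is invented and uses the local-sid range.

```python
"""Inspect a Snort rules file: list active vs commented-out rules and enable one by sid.

Added example for the thread above; not from the post or from Snort itself.
"""
import re

# Constructed sample file: license-style comments, the IRDP rule from the thread
# (commented out, as shipped), and one invented active rule in the local sid range.
SAMPLE_RULES = """\
# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#-----------------
# ICMP-INFO RULES
#-----------------
#alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP IRDP router advertisement"; itype:9; reference:arachnids,173; reference:bugtraq,578; reference:cve,1999-0875; classtype:misc-activity; sid:363; rev:7;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING (constructed)"; itype:8; classtype:misc-activity; sid:1000001; rev:1;)
"""

# Rule actions recognised by the Snort 2.x rule header.
ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop")

# Header: [#]action proto src sport dir dst dport (options)
RULE_RE = re.compile(
    r"^(?P<commented>#\s*)?(?P<action>" + "|".join(ACTIONS) + r")\s+"
    r"(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")


def parse_rule(line):
    """Return (is_commented, sid) for a rule line, or None if the line is not a rule.

    Plain comments such as the license header do not match the rule header and
    are skipped, so a file containing only that header parses to zero rules.
    """
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    sid_m = SID_RE.search(m.group("opts"))
    sid = int(sid_m.group(1)) if sid_m else None
    return (m.group("commented") is not None, sid)


def classify(text):
    """Return (active_sids, commented_sids) for the rules found in `text`."""
    active, commented = [], []
    for line in text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        is_commented, sid = parsed
        (commented if is_commented else active).append(sid)
    return active, commented


def enable_rule(text, sid):
    """Return `text` with the commented-out rule carrying `sid` uncommented.

    Unrelated lines, and the text as a whole if `sid` is not present, are unchanged.
    """
    out = []
    for line in text.splitlines():
        parsed = parse_rule(line)
        if parsed == (True, sid):
            # Drop the leading '#' (and any whitespace after it) from the header.
            stripped = line.strip()
            out.append(stripped[len(RULE_RE.match(stripped).group("commented")):])
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    active, commented = classify(SAMPLE_RULES)
    print("active sids:   ", active)
    print("commented sids:", commented)
    if not active and not commented:
        print("no rules at all: this file carries only comments")
    print(enable_rule(SAMPLE_RULES, 363))
```

To run this against a real file, read `C:\Snort\rules\icmp-info.rules` (or whichever file the lab points at) into `text` and call `classify(text)`; an empty result on both lists confirms the snapshot shipped without rule bodies, which is the case for which Jamie suggests an older snapshot.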