Snort mailing list archives

Re: [Snort-users]


From: John Sage <jsage () finchhaven com>
Date: Mon, 11 Jun 2001 10:58:26 -0700

Paul:

I had to work on ping-lib to keep it from worrying about all sorts of stuff.

You may want to do something like this:

alert icmp !$HOME_NET any -> $HOME_NET any (msg:"ICMP Echo Request"; itype:8;)

If I remember correctly, the original syntax was "any any <> $HOME_NET any" which alerts for stuff going in or out...

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."


Paul Murphy wrote:

Hi all,

Does anyone have any ideas why my Snort is picking up Speedera ICMPs *outbound* from my mail server?

They are echo requests btw.

Thanks,

Paul.
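
[Added example, not part of the original messages and not Snort's own code: a small model of how the rule header's direction operator and "!" negation decide whether Paul's outbound echo requests alert. The $HOME_NET value and packet addresses are constructed, and the options on the "<>" rule are assumed to match John's rule, since he recalls only its header.]

```python
import ipaddress

# Constructed value for $HOME_NET; the thread does not give Paul's network.
HOME_NET = ipaddress.ip_network("192.0.2.0/24")

# Header as John recalls it; the options are assumed to match his rule.
BIDIRECTIONAL = 'alert icmp any any <> $HOME_NET any (msg:"ICMP Echo Request"; itype:8;)'
# John's suggested rule, copied from the message.
INBOUND_ONLY = 'alert icmp !$HOME_NET any -> $HOME_NET any (msg:"ICMP Echo Request"; itype:8;)'

def parse_rule(rule):
    """Return (proto, src, direction, dst, itype) from a simple Snort rule."""
    header, _, opts = rule.partition("(")
    _action, proto, src, _sport, direction, dst, _dport = header.split()
    itype = None
    for opt in opts.rstrip(") ").split(";"):
        key, _, val = opt.strip().partition(":")
        if key == "itype":
            itype = int(val)
    return proto, src, direction, dst, itype

def addr_matches(spec, ip):
    """Match one address field, honouring the '!' negation prefix."""
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if spec == "any":
        hit = True
    else:
        net = HOME_NET if spec == "$HOME_NET" else ipaddress.ip_network(spec)
        hit = ipaddress.ip_address(ip) in net
    return hit != negate

def rule_fires(rule, src_ip, dst_ip, icmp_type):
    proto, src, direction, dst, itype = parse_rule(rule)
    if proto != "icmp" or (itype is not None and itype != icmp_type):
        return False
    forward = addr_matches(src, src_ip) and addr_matches(dst, dst_ip)
    # "<>" also matches with the source and destination roles swapped.
    swapped = direction == "<>" and addr_matches(src, dst_ip) and addr_matches(dst, src_ip)
    return forward or swapped

if __name__ == "__main__":
    # Constructed packets: the mail server pinging out, and an outside host pinging in.
    outbound = ("192.0.2.25", "203.0.113.10", 8)
    inbound = ("203.0.113.10", "192.0.2.25", 8)
    for name, rule in (("<> rule", BIDIRECTIONAL), ("-> rule", INBOUND_ONLY)):
        print(name, "outbound:", rule_fires(rule, *outbound),
              "inbound:", rule_fires(rule, *inbound))
```
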



