Snort mailing list archives

Re: upgraded some tools (snortplot)


From: Brian <bmc () snort org>
Date: Mon, 29 Oct 2001 15:03:42 -0500

According to Angelos Karageorgiou:
=============
Oct 22 08:48:19 cat snort[1050]: [1:485:1] ICMP Destination Unreachable
(Communication Administratively Prohibited) {ICMP} 193.92.130.201 ->
193.92.44.194

Oct 22 09:27:14 cat snort[1050]: [1:499:1] MISC Large ICMP Packet
[Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} 205.160.52.52
-> 193.92.44.194

Oct 22 12:46:02 cat snort[1050]: [1:480:1] ICMP PING speedera {ICMP}
63.251.167.2 -> 193.92.44.194
=============

In the two above lines, both for ICMP traffic, one uses parentheses and
one uses square brackets, and the third line has neither parens nor quotes.

Actually, the second one prints its priority and classification.  The
other two do not.  If that's coming from the same version of snort,
then there is a bug.

Marty?

I do not mean to belittle anybody's work here, I am just saying that maybe 
we need a rule creation metaengine, probably based on M4 or some macro 
language which will generate the rules.

No, it's not the problem of the rules.  It's something else.

-- 
never offend people with style, when you can offend them with substance.
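
Added example (not part of the original post and not Snort or snortplot code): a Python parser for the syslog alert lines quoted above that treats the "[Classification: ...] [Priority: N]:" block as optional and lists the SIDs that arrive without it. The regex and function names are assumptions of this example; the sample lines are the thread's three alerts, unwrapped to one line each.

```python
import re

# Syslog-style Snort alert. The classification/priority block is optional,
# because the lines quoted in the thread appear both with and without it.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnort\[(?P<pid>\d+)\]:\s"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s"   # generator:signature:revision
    r"(?P<msg>.+?)"                                   # rule message, may contain (...)
    r"(?:\s\[Classification:\s(?P<classification>[^\]]+)\]"
    r"\s\[Priority:\s(?P<priority>\d+)\]:)?"
    r"\s\{(?P<proto>[^}]+)\}\s"
    r"(?P<src>\S+)\s->\s(?P<dst>\S+)\s*$"
)

# Constructed sample: the three alerts from the thread, one per line.
SAMPLE = [
    "Oct 22 08:48:19 cat snort[1050]: [1:485:1] ICMP Destination Unreachable "
    "(Communication Administratively Prohibited) {ICMP} 193.92.130.201 -> 193.92.44.194",
    "Oct 22 09:27:14 cat snort[1050]: [1:499:1] MISC Large ICMP Packet "
    "[Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} "
    "205.160.52.52 -> 193.92.44.194",
    "Oct 22 12:46:02 cat snort[1050]: [1:480:1] ICMP PING speedera {ICMP} "
    "63.251.167.2 -> 193.92.44.194",
]

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a Snort alert."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("pid", "gid", "sid", "rev"):
        rec[key] = int(rec[key])
    if rec["priority"] is not None:
        rec["priority"] = int(rec["priority"])
    return rec

def missing_classification(lines):
    """Return the sorted SIDs whose alerts carry no classification block."""
    sids = set()
    for line in lines:
        rec = parse_alert(line)
        if rec is not None and rec["classification"] is None:
            sids.add(rec["sid"])
    return sorted(sids)

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_alert(line))
    print("no classification:", missing_classification(SAMPLE))
```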
