AW: How to ignore ping/icmp traffic to-from a host

["Poppi, Sandro" <Sandro.Poppi () wacker com>]

Use so-called pass rules, i.e.

pass icmp any any -> any any

Also you'll have to use snort's commandline option -o

Take a look into the snort user's manual for more on that issue.

HTH,
Sandro
> I'm a bit of a newbie with snort, so pardon my ignorance.  I have
> tried to find this info elsewhere with no success.
>
> I am trying to tell snort to ignore icmp/ping traffic to and from a
> specific host.  This host is used at 10 minute intervals to ping a
> bank of servers to monitor up/down status.  As snort is currently
> configured, this ping sweep triggers a snort alarm.  Can anyone help
> me out with the appropriate entry in the rule set?
>
> Any help is greatly appreciated.
>
> Regards,
>
> Steve
>
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at 
> http://explorer.msn.com/intl.asp.
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users