Snort mailing list archives

Re: RE: Rule content question.

From: Andreas Hasenack <andreas () conectiva com br>
Date: Tue, 20 Aug 2002 18:12:06 -0300

Em Tue, Aug 20, 2002 at 01:47:58PM -0700, Clint Byrum escreveu:

I'd say though, that this can probably be tuned out. Is this type of
traffic really so telling of an "intrusion" ?


The purpose of this rule was to catch ICMP tunnels, if I'm not mistaken.
But it happens that this all-zeros ICMP packets are *really* frequent.



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Rule content question. larosa, vjay (Aug 16)
- <Possible follow-ups>
- Re: Rule content question. Matt Kettler (Aug 16)
- RE: Rule content question. larosa, vjay (Aug 20)
  - Re: RE: Rule content question. Clint Byrum (Aug 20)
    - Re: RE: Rule content question. Andreas Hasenack (Aug 20)
  - Re: RE: Rule content question. Phil Wood (Aug 20)
- Re: RE: Rule content question. Matt Kettler (Aug 21)