Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Pass Rule not working?

From: Chris Green <cmg () sourcefire com>
Date: Wed, 24 Jul 2002 14:28:12 -0400
Steve Lebeda <stevele () wyoming com> writes:


I've been getting alerts in ACID because of ICMP packets. The
message is ICMP Destination Unreachable (Communication
Administratively Prohibited) I know this particular issue has been
addressed previously and I think I understand why it's
happening. The servers on my Home Net are trying to ping to places
that they aren't allowed to ping and the packets are being returned
by an intermediary device. Trying to be clever, I wrote a pass rule
in my local.rules file:


You may wish to do that but why not just disable the rule itself?

If you really want a pass rule, follow the other messages in the
thread.
-- 
Chris Green <cmg () sourcefire com>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: