Snort mailing list archives

Re: icmp-info.rules

From: Erek Adams <erek () snort org>
Date: Thu, 20 Feb 2003 15:21:39 -0500 (EST)

On Thu, 20 Feb 2003, Petreski, Samuel wrote:

I have installed and configured SNORT, the only main problem that I have
is when I enable the icmp-info.rules rule it picks up also the pings
from my monitoring server. In a way this is great to know that it works,
but also very annoying? Any help would be greatly appreciated!


Right.  That's why the icmp-info.rules file is _not_ enabled in the
default distro.

If you want/need it on, then you need to learn how to ignore that traffic
from that host.  It's been covered here more times than I could count.
Please have a look at this email [0] for more info.

That should get you fixed.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.theadamsfamily.net/~erek/snort/ignore.txt


-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

icmp-info.rules Petreski, Samuel (Feb 20)
- Re: icmp-info.rules Erek Adams (Feb 20)
- Re: icmp-info.rules James-lists (Feb 20)
- Custom syn flood rule webcatalog (Feb 20)
- <Possible follow-ups>
- Re: icmp-info.rules pro0digy (Feb 21)