Re: icmp-info.rules

["James-lists" <hackerwacker () cybermesa com>]

> I have installed and configured SNORT, the only main problem that I have
> is when I enable the icmp-info.rules rule it picks up also the pings
> from my monitoring server. In a way this is great to know that it works,
> but also very annoying? Any help would be greatly appreciated! 
>
> --Samuel


This rule set is very noisy. Choose the rules within icmp-info.rules you wish to 
run and comment out the rest. For my networks I don't run this rule set at all.
Each network is different so what works for me may not work for you. 
I do always like to watch for oversized or fragmented pings. 

James Edwards
Routing and Security
jamesh () cybermesa com
At the Santa Fe Office: Internet at Cyber Mesa





-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users