Snort mailing list archives

Stopping ECHO & ECHO REPLY Alerts

From: Michael Pace <mpace79 () yahoo com>
Date: Wed, 11 Aug 2004 06:24:45 -0700 (PDT)

I am currently seeing hundreds of the alerts below, but I'm not sure what rule is causing them.  I don't really care to 
have an email sent to me every time someone does a basic echo request on my firewall.  I'd like to change the rule to 
log instead of alert.  Can anyone tell me where to look?
 
[Classification: Misc activity] [Priority: 3] 
08/11-07:29:02.490037 63.163.102.37 -> xxx.xxx.xxx.xxx
ICMP TTL:49 TOS:0x0 ID:27096 IpLen:20 DgmLen:64
Type:8  Code:0  ID:28958   Seq:512  ECHO

[Classification: Misc activity] [Priority: 3] 
08/11-07:29:49.362139 216.15.147.20 -> xxx.xxx.xxx.xxx
ICMP TTL:255 TOS:0x0 ID:19804 IpLen:20 DgmLen:36 DF
Type:0  Code:0  ID:32081  Seq:0  ECHO REPLY
 
 
Thanks,
 
Michael

                
---------------------------------
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!

Current thread:

Stopping ECHO & ECHO REPLY Alerts Michael Pace (Aug 16)
- Re: Stopping ECHO & ECHO REPLY Alerts Martin Roesch (Aug 16)