Re: Stopping ECHO & ECHO REPLY Alerts

[Martin Roesch <roesch () sourcefire com>]

Turn those rules off by commenting them out in the rules files.  What 
version of Snort are you running?

On Aug 11, 2004, at 9:24 AM, Michael Pace wrote:

> I am currently seeing hundreds of the alerts below, but I'm not sure 
> what rule is causing them.  I don't really care to have an email sent 
> to me every time someone does a basic echo request on my firewall.  
> I'd like to change the rule to log instead of alert.  Can anyone tell 
> me where to look?
>  
> [Classification: Misc activity] [Priority: 3]
> 08/11-07:29:02.490037 63.163.102.37 -> xxx.xxx.xxx.xxx
> ICMP TTL:49 TOS:0x0 ID:27096 IpLen:20 DgmLen:64
> Type:8  Code:0  ID:28958   Seq:512  ECHO
>
> [Classification: Misc activity] [Priority: 3]
> 08/11-07:29:49.362139 216.15.147.20 -> xxx.xxx.xxx.xxx
> ICMP TTL:255 TOS:0x0 ID:19804 IpLen:20 DgmLen:36 DF
> Type:0  Code:0  ID:32081  Seq:0  ECHO REPLY
>  
>  
> Thanks,
>  
> Michael
>
> Do you Yahoo!?
>  Yahoo! Mail is new and improved - Check it out!
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users