Snort mailing list archives

Re: PP not ignoring ICMP


From: Agus <agus.262 () gmail com>
Date: Fri, 8 Apr 2011 19:13:23 -0300

Hey JJ..

these ones

[1:368:6] ICMP PING BSDtype  [Classification: Misc activity] [Priority: 3]: {ICMP}
[1:369:6] ICMP PING BayRS Router  [Classification: Misc activity] [Priority: 3]: {ICMP}
[1:373:6] ICMP PING Flowpoint2200 or Network Management Software [Classification: Misc activity] [Priority: 3]: {ICMP}

Thanks

2011/4/8 JJC <cummingsj () gmail com>:
What SIDs were you seeing fire?

On Fri, Apr 8, 2011 at 3:59 PM, JJC <cummingsj () gmail com> wrote:

I'll test right quick and let you know what I find... that error just
indicates that you have an outdated LWP::UserAgent perl module, should not
affect the area that you are having issues with.

JJC

On Fri, Apr 8, 2011 at 3:53 PM, Agus <agus.262 () gmail com> wrote:

Hi guys,

I can't make PP ignore icmp rules. I'm running PP-060, snort 2.9.0.3.

I have this line in my pulledpork.conf

ignore=deleted.rules,experimental.rules,local.rules,icmp.rules,emerging-drop-BLOCK,emerging-compromised-BLOCK,emerging-dshield-BLOCK,emerging-botcc-BLOCK,emerging-rbn-BLOCK,emerging-tor-BLOCK

I have also tried with icmp only and same issue. Still getting the
icmp alerts and seeing them in the snort.rules.

pulledpork.pl -n -c etc/pulledpork.conf -T -v
shows:
       ignore = deleted.rules,experimental.rules,local.rules,icmp.rules,emerging-drop-BLOCK,emerging-compromised-BLOCK,emerging-dshield-BLOCK,emerging-botcc-BLOCK,emerging-rbn-BLOCK,emerging-tor-BLOCK

Then it gives me an error, probably something with the perl module.
Can't locate object method "show_progress" via package "LWP::UserAgent" at ./pulledpork.pl line 1651.

Still ICMP rules in snort.rules

Any thoughts?

Cheers


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



