Snort mailing list archives

Re: getting this rule to work


From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 01 Dec 2012 11:31:34 -0500

On 11/30/2012 16:37, Akinwale Fasuru wrote:
> Hello,
>
> Here is what I came up with:
> alert icmp any any -> any any (msg:"Traceroute command attempted"; itype:<30; icode:<30; ttl:<30; sid:1000007;)
> It seems to work.

now test again with a simple ping and see what happens ;)

> But I need to write the same rule for Windows OS; is it going to be the same thing, or what needs to be changed?

networking is networking is networking... you can't really write OS specific 
rules for general tasks like networking...
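
Added example, not part of the original messages: a small Python check of which ICMP packets satisfy the three header tests in the rule quoted above, useful for seeing how little `itype:<30; icode:<30` filters and that `ttl:<30` is the only real discriminator. The function names and the sample packets are constructed for illustration, and only the `<`, `>` and exact-value forms of the options are modelled.

```python
import re

# The rule from the thread; only its itype/icode/ttl options are evaluated.
RULE = ('alert icmp any any -> any any (msg:"Traceroute command attempted"; '
        'itype:<30; icode:<30; ttl:<30; sid:1000007;)')

OPTION_RE = re.compile(r'\b(itype|icode|ttl):\s*([<>=]?)\s*(\d+)\s*;')


def parse_options(rule):
    """Return {option: (operator, value)} for the itype/icode/ttl options."""
    return {name: (op or '=', int(val))
            for name, op, val in OPTION_RE.findall(rule)}


def matches(rule, pkt):
    """True if every parsed option holds for the packet's header fields."""
    for name, (op, val) in parse_options(rule).items():
        field = pkt[name]
        if op == '<':
            ok = field < val
        elif op == '>':
            ok = field > val
        else:
            ok = field == val
        if not ok:
            return False
    return True


# Constructed samples: ICMP type, code and IP TTL as seen at the sensor.
SAMPLES = {
    'echo request, TTL 1 (first hop-limited probe)': {'itype': 8, 'icode': 0, 'ttl': 1},
    'echo request, TTL 64 (ping from same segment)': {'itype': 8, 'icode': 0, 'ttl': 64},
    'echo reply, TTL 128 (reply from same segment)': {'itype': 0, 'icode': 0, 'ttl': 128},
    'echo request, TTL 24 (ping after 40 hops)': {'itype': 8, 'icode': 0, 'ttl': 24},
    'time exceeded, TTL 250 (router reply)': {'itype': 11, 'icode': 0, 'ttl': 250},
}


def evaluate(rule=RULE, samples=SAMPLES):
    """Map each sample label to whether the rule's header tests match it."""
    return {label: matches(rule, pkt) for label, pkt in samples.items()}


if __name__ == '__main__':
    for label, hit in evaluate().items():
        print(f"{'ALERT' if hit else 'quiet':5}  {label}")
```
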

