Snort mailing list archives

Re: Snort rules


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Mon, 23 Mar 2015 12:55:03 +0000

Hello,

A good place to start with snort rules would be here: http://manual.snort.org/node28.html

Hope this helps!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: adonis okpidi [mailto:adonisokpidi () gmail com]
Sent: Monday, March 23, 2015 8:48 AM
To: snort-sigs () lists sourceforge net
Subject: [Snort-sigs] Snort rules

Hi All,
I have downloaded the Snort 2972 and also downloaded the snortrules-snapshot-2972.tar rules but the rules all seem to be empty, containing just the copyright information. Here is an example of what icmp-info.rules looks like

how do you enable ICMP rule in snort<http://stackoverflow.com/questions/29145221/how-do-you-enable-icmp-rule-in-snort>

I have configured snort but I need to enable detection rules in snort rule file. I am walking through the CEH lab and I 
am stuck at enabling ICMP rule. I have the file icmp-info.rules in C:\Snort\rules. I only see this when I open the file:

# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
# GNU General Public License (GPL), v2.
#
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
#
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#-----------------
# ICMP-INFO RULES
#-----------------

I am supposed to uncomment an alert in the file, which should contain lots of alerts commented out, but mine doesn't seem to have that content. I have tried deleting and redownloading but still didn't see any changes in the file. Thanks

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
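
Added example, not part of the original messages and not Snort project code: a small Python check for the situation described in the question, reporting whether a rules file such as icmp-info.rules holds any rules (active or commented out) or only header comments. The sample file text and both rule lines are constructed, and the check assumes one rule per line.

```python
import re
import sys

# Snort 2.x rule actions that can begin a rule line.
ACTIONS = ("alert", "log", "pass", "activate", "dynamic", "drop", "reject", "sdrop")
# Optional leading '#' (disabled rule), an action, a protocol, then "(options)".
# Assumption: one rule per line (no backslash continuations).
RULE_RE = re.compile(r"^\s*(#\s*)?(%s)\s+\S+\s+.*\(.*\)\s*$" % "|".join(ACTIONS))

# Constructed sample: a header-only file like the one quoted in the question.
HEADER_ONLY = (
    "# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.\n"
    "#\n"
    "#-----------------\n"
    "# ICMP-INFO RULES\n"
    "#-----------------\n"
)
# Constructed sample: the same header plus one disabled and one active rule.
WITH_RULES = HEADER_ONLY + (
    '# alert icmp $EXTERNAL_NET any -> $HOME_NET any '
    '(msg:"Constructed ICMP echo example"; itype:8; sid:1000001; rev:1;)\n'
    'alert icmp any any -> any any '
    '(msg:"Constructed active example"; sid:1000002; rev:1;)\n'
)


def classify_rules(text):
    """Count active rules, commented-out rules and other non-blank lines."""
    counts = {"active": 0, "disabled": 0, "other": 0}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = RULE_RE.match(line)
        if m is None:
            counts["other"] += 1      # header comments, separators
        elif m.group(1):
            counts["disabled"] += 1   # '# alert ...': remove the '#' to enable
        else:
            counts["active"] += 1
    return counts


def is_header_only(text):
    """True when the file has no rules at all, enabled or commented out."""
    c = classify_rules(text)
    return c["active"] == 0 and c["disabled"] == 0


if __name__ == "__main__":
    for path in sys.argv[1:]:   # e.g. C:\Snort\rules\icmp-info.rules
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, classify_rules(fh.read()))
```

A file reported with zero active and zero disabled rules has nothing to uncomment, so the alerts have to come from another rules file or be written locally.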

