Snort mailing list archives
Snort Rules Enquiry
From: Diego Batigoal <diegobatigoal () yahoo com au>
Date: Tue, 26 May 2015 05:16:48 +0000 (UTC)
Hi,

Just got stuck in the setup of the pdf CEH Lab Manual Page 860-861. I have downloaded the Snort 2973 and also downloaded the snortrules-snapshot-2973.tar rules, but the rules all seem to be empty, containing just the copyright information.

I have configured snort but I need to enable detection rules in the snort rule file. I am walking through the CEH lab and I am stuck at enabling the ICMP rule. I have the file icmp-info.rules in C:\Snort\rules. I only see this when I open the file:

# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
# GNU General Public License (GPL), v2.
#
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
#
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#-----------------
# ICMP-INFO RULES
#-----------------

I am supposed to uncomment an alert in the file, which should contain lots of alerts commented out, but mine doesn't seem to have that content. What can I do in this phase?

Regards,
Diego
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
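The check described in the message above (does a .rules file hold any rules at all, enabled or commented out, or only header comments?) can be done across the whole rules directory at once. The script below is an added example, not part of the original post or of Snort itself; the function names, the line-matching pattern and the sample file contents are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption: a Snort 2.x rule line starts with a rule action followed by a protocol.
RULE_START = re.compile(
    r"^(alert|log|pass|activate|dynamic|drop|reject|sdrop)\s+(tcp|udp|icmp|ip)\s",
    re.IGNORECASE)

def classify(line):
    """Return 'active', 'disabled' (commented-out rule) or 'other' for one line."""
    s = line.strip()
    if RULE_START.match(s):
        return "active"
    if s.startswith("#") and RULE_START.match(s.lstrip("#").strip()):
        return "disabled"
    return "other"  # blank lines, licence text, section banners

def summarize(text):
    """Count active rules, commented-out rules and other lines in a rules file."""
    counts = {"active": 0, "disabled": 0, "other": 0}
    for line in text.splitlines():
        counts[classify(line)] += 1
    return counts

def header_only(text):
    """True when the file has no rules at all, only comments or blank lines."""
    c = summarize(text)
    return c["active"] == 0 and c["disabled"] == 0

def scan_dir(rules_dir):
    """Map each *.rules file name in rules_dir to its counts."""
    return {p.name: summarize(p.read_text(errors="replace"))
            for p in sorted(Path(rules_dir).glob("*.rules"))}

# Constructed sample inputs (the rule text and sids are made up).
HEADER_ONLY = ("# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.\n"
               "#-----------------\n# ICMP-INFO RULES\n#-----------------\n")
WITH_RULES = HEADER_ONLY + (
    '# alert icmp $EXTERNAL_NET any -> $HOME_NET any '
    '(msg:"constructed sample A"; sid:1000001; rev:1;)\n'
    'alert icmp any any -> $HOME_NET any '
    '(msg:"constructed sample B"; sid:1000002; rev:1;)\n')

if __name__ == "__main__":
    for name, c in scan_dir(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        note = "  <-- header only" if c["active"] + c["disabled"] == 0 else ""
        print(f"{name}: {c['active']} active, {c['disabled']} commented out{note}")
```

Run it with the rules directory as the argument, for example C:\Snort\rules.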
Current thread:
- Snort Rules Enquiry Diego Batigoal (May 25)
- Re: Snort Rules Enquiry Jamie Riden (May 25)
- Re: Snort Rules Enquiry Joel Esler (jesler) (May 26)
- Re: Snort Rules Enquiry waldo kitty (May 26)
- Re: Snort Rules Enquiry Joel Esler (jesler) (May 26)
- Re: Snort Rules Enquiry Joel Esler (jesler) (May 26)