Snort mailing list archives

Snort Rules Enquiry


From: Diego Batigoal <diegobatigoal () yahoo com au>
Date: Tue, 26 May 2015 05:16:48 +0000 (UTC)

Hi,
Just got stuck in the setup of the pdf CEH Lab Manual Page 860-861.
I have downloaded the Snort 2973 and also downloaded the snortrules-snapshot-2973.tar rules but the rules all seem to be empty containing just the copyright information.
I have configured snort but I need to enable detection rules in snort rule file. I am walking through the CEH lab and I am stuck at enabling ICMP rule.
I have the file icmp-info.rules in C:\Snort\rules. I only see this when I open the file:

# Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
# GNU General Public License (GPL), v2.
#
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
#
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#-----------------
# ICMP-INFO RULES
#-----------------

I am supposed to uncomment an alert in the file, which should contain lots of alerts commented out, but mine doesn't seem to have that content.
What can I do in this phase?
Regards, Diego

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

