Snort mailing list archives
Generic ICMP event rule
From: Sam Johnson <Sam.Johnson () flagshipcredit com>
Date: Mon, 5 Nov 2018 18:59:24 +0000
Hello all, Trying to disable the generic ICMP event rule but having some trouble with it. For clarification it's this rule: [**] [1:10000001:1] Snort Alert [1:10000001:1] [**] [Classification: Generic ICMP event] I added the 1:10000001 (and even the 1:10000001:1 - not sure which one it is) to the disablesid.conf file for pulled pork. Ran pulled pork, yet it's still firing. I don't see that ID in snort.rules or in the sid-msg.map file. So I'm not entirely sure where its coming from. Does anyone know how to disable this rule?? Thanks! - Sam The information transmitted via this email is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you receive this in error, please contact the sender and delete the material from any computer.
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Generic ICMP event rule Sam Johnson (Nov 05)