Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Generic ICMP event rule

From: Sam Johnson <Sam.Johnson () flagshipcredit com>
Date: Mon, 5 Nov 2018 18:59:24 +0000
Hello all,

Trying to disable the generic ICMP event rule but having some trouble with it. For clarification it's this rule:

[**] [1:10000001:1] Snort Alert [1:10000001:1] [**] [Classification: Generic ICMP event]

I added the 1:10000001 (and even the 1:10000001:1 - not sure which one it is) to the disablesid.conf file for pulled 
pork. Ran pulled pork, yet it's still firing. I don't see that ID in snort.rules or in the sid-msg.map file. So I'm not 
entirely sure where its coming from. Does anyone know how to disable this rule??

Thanks!
- Sam

The information transmitted via this email is intended only for the person or entity to which it is addressed and may 
contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking 
of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. 
If you receive this in error, please contact the sender and delete the material from any computer.

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Previous By Date Next
Previous By Thread Next

Current thread: