Snort mailing list archives
Re: How to Write Snort Rules and Keep Your Sanity...
From: Chris Green <cmg () sourcefire com>
Date: Wed, 13 Mar 2002 08:31:05 -0500
"Hever C. Rocha - N.O.C" <hever () itcbrasil com br> writes:
ex: my local.rules

pass icmp any any <> 1.1.1.1/20 any ( not working)
pass icmp any any -> 1.1.1.1/20 any ( not working)

for a while I disable the "ICMP ping" and "ICMP ping undefined" code rules set, but it is not the ideal...

Try adding a -o to your snort command line to change the order of alert generation.

--
Chris Green <cmg () sourcefire com>
Let not the sands of time get in your lunch.
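
The effect of -o on the pass rules quoted above, as an added example that is not part of the original message: a simplified Python model of Snort testing rule groups in the order alert, pass, log by default and pass, alert, log with -o. The alert rule and the packet addresses are constructed stand-ins, and only the rule header (protocol, addresses, direction) is modelled.

```python
import ipaddress

# Simplified model: rules are grouped by action and the groups are tested in
# a fixed order; the first group with a matching rule decides the outcome.
DEFAULT_ORDER = ("alert", "pass", "log")   # snort without -o
DASH_O_ORDER = ("pass", "alert", "log")    # snort -o

def parse_header(line):
    """Parse 'action proto src sport dir dst dport'; rule options are ignored."""
    action, proto, src, _sport, direction, dst, _dport = line.split("(")[0].split()
    return {"action": action, "proto": proto, "src": src, "dir": direction, "dst": dst}

def addr_match(spec, ip):
    if spec == "any":
        return True
    # strict=False accepts a host address with a prefix, e.g. 1.1.1.1/20
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def rule_matches(rule, pkt):
    if rule["proto"] != pkt["proto"]:
        return False
    forward = addr_match(rule["src"], pkt["src"]) and addr_match(rule["dst"], pkt["dst"])
    reverse = addr_match(rule["src"], pkt["dst"]) and addr_match(rule["dst"], pkt["src"])
    # '<>' matches either direction, '->' only source-to-destination
    return forward or (rule["dir"] == "<>" and reverse)

def verdict(rules, pkt, order):
    for action in order:
        if any(r["action"] == action and rule_matches(r, pkt) for r in rules):
            return action
    return "none"

def ruleset(pass_rule):
    # Constructed stand-in for a stock ICMP alert rule, plus a pass rule from the post
    return [parse_header('alert icmp any any -> any any (msg:"ICMP ping";)'),
            parse_header(pass_rule)]

BIDIR = ruleset("pass icmp any any <> 1.1.1.1/20 any")
ONEWAY = ruleset("pass icmp any any -> 1.1.1.1/20 any")

# Constructed packets: a ping into the /20 and the reply leaving it
PING_IN = {"proto": "icmp", "src": "203.0.113.7", "dst": "1.1.2.3"}
PING_REPLY = {"proto": "icmp", "src": "1.1.2.3", "dst": "203.0.113.7"}

if __name__ == "__main__":
    for name, order in (("default", DEFAULT_ORDER), ("-o", DASH_O_ORDER)):
        print(name, verdict(BIDIR, PING_IN, order), verdict(ONEWAY, PING_REPLY, order))
```

In this model the pass rule never takes effect under the default order because the alert group is tested first, and with -o the `->` form still leaves replies from the /20 to the alert rule.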