Snort mailing list archives
Pass Rule not working?
From: Steve Lebeda <stevele () wyoming com>
Date: Wed, 24 Jul 2002 10:48:09 -0600
I've been getting alerts in ACID because of ICMP packets. The message is ICMP Destination Unreachable (Communication Administratively Prohibited) I know this particular issue has been addressed previously and I think I understand why it's happening. The servers on my Home Net are trying to ping to places that they aren't allowed to ping and the packets are being returned by an intermediary device. Trying to be clever, I wrote a pass rule in my local.rules file:
pass icmp any any -> *.*.*.* any (itype: 3; icode: 13) I'm still getting errors. What'd I do wrong? Steve ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Pass Rule not working? Steve Lebeda (Jul 24)
- Re: Pass Rule not working? Shane Williams (Jul 24)
- Re: Pass Rule not working? Chris Green (Jul 24)
- <Possible follow-ups>
- Pass Rule not working? Steve Lebeda (Jul 24)
- Re: Pass Rule not working? Matt Kettler (Jul 24)
- Re: Pass Rule not working? Steve Lebeda (Jul 24)
- Re: Pass Rule not working? Matt Kettler (Jul 24)
- RE: Pass Rule not working? Steve Halligan (Jul 24)
- RE: Pass Rule not working? Slighter, Tim (Jul 24)