Snort mailing list archives
Re: icmp pass rules
From: "Stephen Reese" <rsreese () gmail com>
Date: Fri, 24 Oct 2008 09:14:14 -0400
On Fri, Oct 24, 2008 at 9:06 AM, Joel Esler <eslerj () gmail com> wrote:
No, why would say that? Less of a penalty than a pass rule.
John Gay mentioned using:
You could use the itype and icode options. I believe an echo reply would be type 0 code 0.
So I'm assuming can can still use pass rules by adding more information. The real question is why do pass rules even exist if you could use suppression instead and not have the performance penalty. Thanks for everyone's time in advance... ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- icmp pass rules Stephen Reese (Oct 22)
- Re: icmp pass rules Joel Esler (Oct 22)
- Re: icmp pass rules Stephen Reese (Oct 22)
- Re: icmp pass rules Stephen Reese (Oct 23)
- Re: icmp pass rules John Gay (Oct 24)
- Message not available
- Re: icmp pass rules Stephen Reese (Oct 24)
- Re: icmp pass rules Joel Esler (Oct 24)
- Re: icmp pass rules Stephen Reese (Oct 24)
- Message not available
- Re: icmp pass rules Stephen Reese (Oct 24)
- Re: icmp pass rules Stephen Reese (Oct 24)
- Message not available
- Re: icmp pass rules Stephen Reese (Oct 27)
- Message not available
- Re: icmp pass rules Stephen Reese (Oct 28)
- Re: icmp pass rules Stephen Reese (Oct 22)
- Re: icmp pass rules Joel Esler (Oct 22)
- Re: icmp pass rules Frank Knobbe (Oct 24)
- Re: icmp pass rules Frank Knobbe (Oct 24)
- Re: icmp pass rules Stephen Reese (Oct 24)
- Re: icmp pass rules Frank Knobbe (Oct 24)
- Re: icmp pass rules Stephen Reese (Oct 24)