Snort mailing list archives
Re: icmp pass rules
From: "Stephen Reese" <rsreese () gmail com>
Date: Fri, 24 Oct 2008 10:33:20 -0400
Last one I hope, I'm already using a few pass rules: #Ignore redirects from the main router to internet gateway var 3825ROUTER [172.31.1.1/32] pass icmp $3825ROUTER any -> $HOME_NET any #Chatty Minolta copiers var DI200 [172.31.1.223/32,172.31.1.240/32] pass icmp $DI200 any -> $3825ROUTER any If I decide to check out suppression is it viable to us it for all of my 'passing' needs? On Fri, Oct 24, 2008 at 10:24 AM, Joel Esler <joel.esler () sourcefire com> wrote:
It all depends on the situation. But in this case it's rather easy. Use a suppression. -- Joel Esler Sent from my iPhone On Oct 24, 2008, at 9:14 AM, "Stephen Reese" <rsreese () gmail com> wrote:On Fri, Oct 24, 2008 at 9:06 AM, Joel Esler <eslerj () gmail com> wrote:No, why would say that? Less of a penalty than a pass rule.John Gay mentioned using:You could use the itype and icode options. I believe an echo reply would be type 0 code 0.So I'm assuming can can still use pass rules by adding more information. The real question is why do pass rules even exist if you could use suppression instead and not have the performance penalty. Thanks for everyone's time in advance...
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- icmp pass rules Stephen Reese (Oct 22)
- Re: icmp pass rules Joel Esler (Oct 22)
- Re: icmp pass rules Stephen Reese (Oct 22)
- Re: icmp pass rules Stephen Reese (Oct 23)
- Re: icmp pass rules John Gay (Oct 24)
- Message not available
- Re: icmp pass rules Stephen Reese (Oct 24)
- Re: icmp pass rules Joel Esler (Oct 24)
- Re: icmp pass rules Stephen Reese (Oct 24)
- Message not available
- Re: icmp pass rules Stephen Reese (Oct 24)
- Re: icmp pass rules Stephen Reese (Oct 24)
- Message not available
- Re: icmp pass rules Stephen Reese (Oct 27)
- Message not available
- Re: icmp pass rules Stephen Reese (Oct 28)
- Re: icmp pass rules Stephen Reese (Oct 22)
- Re: icmp pass rules Joel Esler (Oct 22)
- Re: icmp pass rules Frank Knobbe (Oct 24)
- Re: icmp pass rules Frank Knobbe (Oct 24)
- Re: icmp pass rules Stephen Reese (Oct 24)
- Re: icmp pass rules Frank Knobbe (Oct 24)
- Re: icmp pass rules Stephen Reese (Oct 24)