Snort mailing list archives
Re: PP not ignoring ICMP
From: JJC <cummingsj () gmail com>
Date: Fri, 8 Apr 2011 16:20:39 -0600
Those rules don't live in icmp.rules, they live in icmp-info.rules, so you would have to also ignore icmp-info.rules.

JJC

On Fri, Apr 8, 2011 at 4:13 PM, Agus <agus.262 () gmail com> wrote:

> Hey JJ.. these ones
>
> [1:368:6] ICMP PING BSDtype [Classification: Misc activity] [Priority: 3]: {ICMP}
> [1:369:6] ICMP PING BayRS Router [Classification: Misc activity] [Priority: 3]: {ICMP}
> [1:373:6] ICMP PING Flowpoint2200 or Network Management Software [Classification: Misc activity] [Priority: 3]: {ICMP}
>
> Thanks
>
> 2011/4/8 JJC <cummingsj () gmail com>:
>> What SIDs were you seeing fire?
>>
>> On Fri, Apr 8, 2011 at 3:59 PM, JJC <cummingsj () gmail com> wrote:
>>> I'll test right quick and let you know what I find... that error just indicates that you have an outdated LWP::UserAgent perl module, should not affect the area that you are having issues with.
>>>
>>> JJC
>>>
>>> On Fri, Apr 8, 2011 at 3:53 PM, Agus <agus.262 () gmail com> wrote:
>>>> Hi guys,
>>>>
>>>> I can't make PP ignore icmp rules. I'm running PP-060. snort 2.9.0.3
>>>>
>>>> I have this line in my pulledpork.conf
>>>>
>>>> ignore=deleted.rules,experimental.rules,local.rules,icmp.rules,emerging-drop-BLOCK,emerging-compromised-BLOCK,emerging-dshield-BLOCK,emerging-botcc-BLOCK,emerging-rbn-BLOCK,emerging-tor-BLOCK
>>>>
>>>> I have also tried with icmp only and same issue. Still getting the icmp alerts and seeing them in the snort.rules.
>>>>
>>>> pulledpork.pl -n -c etc/pulledpork.conf -T -v shows:
>>>>
>>>> ignore =deleted.rules,experimental.rules,local.rules,icmp.rules,emerging-drop-BLOCK,emerging-compromised-BLOCK,emerging-dshield-BLOCK,emerging-botcc-BLOCK,emerging-rbn-BLOCK,emerging-tor-BLOCK
>>>>
>>>> then it gives me an error, probably something with the perl module.
>>>>
>>>> Can't locate object method "show_progress" via package "LWP::UserAgent" at ./pulledpork.pl line 1651.
>>>>
>>>> Still ICMP rules in snort.rules
>>>>
>>>> Any thoughts?
>>>>
>>>> Cheers
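The diagnosis in the reply above (the firing SIDs are defined in icmp-info.rules, which the ignore= line does not list) can be checked mechanically by mapping each alerting SID to the rule file that defines it. This is an added example, not part of the original thread or of PulledPork; the function names, the simplified sample rules and the name-matching rule are assumptions.

```python
import re
import tempfile
from pathlib import Path

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def sid_to_file(rules_dir):
    """Map each SID to the rule file that defines it (commented-out rules included)."""
    index = {}
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for line in path.read_text(errors="replace").splitlines():
            m = SID_RE.search(line)
            if m:
                index[int(m.group(1))] = path.name
    return index

def parse_ignore(conf_text):
    """Return the entries of the ignore= line of a pulledpork.conf."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ignore":
            return [e.strip() for e in value.split(",") if e.strip()]
    return []

def unignored_sources(sids, rules_dir, conf_text):
    """Return {rule file: [sids]} for firing SIDs whose file is not listed in ignore=."""
    ignored = set(parse_ignore(conf_text))
    index = sid_to_file(rules_dir)
    missing = {}
    for sid in sids:
        name = index.get(sid, "<not found>")
        # Assumption: an entry covers a file if it equals the file name or its stem.
        if name not in ignored and Path(name).stem not in ignored:
            missing.setdefault(name, []).append(sid)
    return missing

def demo():
    # Constructed sample: simplified stand-in rules, not the real rule text.
    conf = "ignore=deleted.rules,experimental.rules,local.rules,icmp.rules\n"
    rule = 'alert icmp any any -> any any (msg:"constructed sample"; sid:{}; rev:6;)\n'
    with tempfile.TemporaryDirectory() as d:
        Path(d, "icmp.rules").write_text(rule.format(1000001))
        Path(d, "icmp-info.rules").write_text(
            "".join(rule.format(s) for s in (368, 369, 373)))
        return unignored_sources([368, 369, 373], d, conf)

if __name__ == "__main__":
    print(demo())
```

Run against a real rules directory, pass the SIDs from the alert log and the text of pulledpork.conf; any file name in the result is a candidate for the ignore= list.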
Current thread:
- PP not ignoring ICMP Agus (Apr 08)
- Re: PP not ignoring ICMP JJC (Apr 08)
- Re: PP not ignoring ICMP JJC (Apr 08)
- Re: PP not ignoring ICMP Agus (Apr 08)
- Re: PP not ignoring ICMP JJC (Apr 08)
- Re: PP not ignoring ICMP Agus (Apr 08)
- Re: PP not ignoring ICMP JJC (Apr 08)
- Re: PP not ignoring ICMP JJC (Apr 08)