Results 1 to 2 of 2

Thread: snort rules: drop ping scans from host to subnet

  1. 08-04-2004, 10:10 PM #1
    Blaqb0x
    Blaqb0x is offline
    Senior Member
    Join Date
    Apr 2002
    Posts
    417

    snort rules: drop ping scans from host to subnet

    HI,

    I have a ping server that creates all these logs in snort. I'd like to drop any alerts that the ping server generates. I'm using this rule but, it doesn't work. What am I doing wrong?

    pass icmp 128.111.15.4/32 any -> 128.111.15.0/24 any


    Thanks,
    Reply With Quote Reply With Quote
  2. 08-24-2004, 12:19 AM #2
    tolstoy
    tolstoy is offline
    Advisor
    Join Date
    May 2001
    Posts
    564

    Re:snort rules: drop ping scans from host to subnet

    Haven't worked with snort for a while, but can't you just negate the ip addy of the server in the rule causing the alert, like !MY_SERVER_IP? or something like that?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Windows 2000 Hardware Compatibility List
    By regix in forum Windows - General Topics
    Replies: 11
    Last Post: 01-04-2005, 08:20 AM
  2. ping: unknown host yahoo.com
    By rhonneil in forum Linux - Hardware, Networking & Security
    Replies: 2
    Last Post: 10-05-2003, 11:13 PM
  3. IPTables stuff
    By tarballed in forum Linux - Software, Applications & Programming
    Replies: 8
    Last Post: 02-18-2003, 10:54 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules