Results 1 to 2 of 2

Thread: snort rules: drop ping scans from host to subnet

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    417

    snort rules: drop ping scans from host to subnet

    HI,

    I have a ping server that creates all these logs in snort. I'd like to drop any alerts that the ping server generates. I'm using this rule but, it doesn't work. What am I doing wrong?

    pass icmp 128.111.15.4/32 any -> 128.111.15.0/24 any


    Thanks,

  2. #2

    Re:snort rules: drop ping scans from host to subnet

    Haven't worked with snort for a while, but can't you just negate the ip addy of the server in the rule causing the alert, like !MY_SERVER_IP? or something like that?

Similar Threads

  1. Simple question about command syntax ping/log ping results
    By ohalnet in forum Linux - Hardware, Networking & Security
    Replies: 2
    Last Post: 07-26-2006, 05:12 PM
  2. Virtual host/local host PAM File problem!
    By honey bee in forum Linux - Hardware, Networking & Security
    Replies: 0
    Last Post: 03-01-2006, 01:38 PM
  3. ping: unknown host yahoo.com
    By rhonneil in forum Linux - Hardware, Networking & Security
    Replies: 2
    Last Post: 10-05-2003, 11:13 PM
  4. website for security scans
    By weebrough in forum Linux - Software, Applications & Programming
    Replies: 4
    Last Post: 03-24-2002, 08:39 PM
  5. Snort IDS, Remote Denial of Service
    By Aaron_Adams in forum Linux - Software, Applications & Programming
    Replies: 1
    Last Post: 02-25-2002, 08:01 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •