|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] Thresholding the Cyberkit ICMP Ping rule
From: Jeremy Hewlett (jh
sourcefire.com)
Date: Tue Jan 06 2004 - 16:47:24 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Dec 30, Brice B wrote:
> I've added the following line(s) to my threshold.conf:
> ----
> # supress CyberKit Ping when source is ! From Local Network - ie. Ping
> originates from local network
> suppress gen_id 1, sig_id 483, track by_src, ip !88.88.88.0/24
> ----
This doesn't currently support negation. It's in the queue to get
added. If anyone would like to submit a patch, feel free :)
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]