Re: Snort rules

[Jamie Riden <jamie.riden () gmail com>]

I don't have a sign-in for snort.org to hand; it should look more like
this as far as I remember:

https://github.com/mrash/fwsnort/blob/master/deps/snort_rules/icmp-info.rules

If one of the site downloads is broken, you'll need to take this up
with the guys who run the site - though they will probably come across
this thread fairly soon.

cheers,
 Jamie


On 24 March 2015 at 12:01, adonis okpidi <adonisokpidi () gmail com> wrote:
> Hi Jamie,
>
> Thanks for getting back to me. I did scroll down the editor but that was all
> I could see. You can download the snortrules-snapshot-2972.tar.gz from snort
> website and I am sure you'll see the same thing.
>
> Best Regards,
> Adonis
>
>
>
> On 23 March 2015 at 13:17, Jamie Riden <jamie.riden () gmail com> wrote:
> > Hi there,
> >
> > It almost looks like you haven't scrolled down at all in your editor?
> > There should be loads of rules in icmp-info.
> >
> > thanks,
> >  Jamie
> >
> > On 23 March 2015 at 12:48, adonis okpidi <adonisokpidi () gmail com> wrote:
> > > Hi All,
> > >
> > > I have downloaded the Snort 2972 and also downloaded the
> > > snortrules-snapshot-2972.tar rules but the rules all seem to be empty
> > > containing just the copyright information. Here is an example of what
> > > icmp-info.rules look like
> > >
> > >
> > > how do you enable ICMP rule in snort
> > >
> > > up vote 0 down vote favorite
> > >
> > > I have configured snort but I need to enable detection rules in snort
> > > rule
> > > file. I am walking through the CEH lab and I am stuck at enabling ICMP
> > > rule.
> > > I have the file icmp-info.rules in C:\Snort\rules. I only see this when
> > > I
> > > open the file:
> > >
> > > # Copyright 2001-2013 Sourcefire, Inc. All Rights Reserved.
> > > #
> > > # This file contains (i) proprietary rules that were created, tested and
> > > certified by
> > > # Sourcefire, Inc. (the "VRT Certified Rules") that are distributed
> > > under
> > > the    VRT
> > > # Certified Rules License Agreement (v 2.0), and (ii) rules that were
> > > created by
> > > # Sourcefire and other third parties (the "GPL Rules") that are
> > > distributed
> > > under the
> > > # GNU General Public License (GPL), v2.
> > > #
> > > # The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules
> > > were
> > > created
> > > # by Sourcefire and other third parties. The GPL Rules created by
> > > Sourcefire
> > > are
> > > # owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire
> > > are
> > > owned by
> > > # their respective creators. Please see
> > > http://www.snort.org/snort/snort-team/ for a
> > > # list of third party owners and their respective copyrights.
> > > #
> > > # In order to determine what rules are VRT Certified Rules or GPL Rules,
> > > please refer
> > > # to the VRT Certified Rules License Agreement (v2.0).
> > > #
> > > #-----------------
> > > # ICMP-INFO RULES
> > > #-----------------
> > >
> > > I am suppose to uncomment an alert in the file which should contain lots
> > > of
> > > alerts commented out. but mine doesnt seem to have that content. I have
> > > tried deleting and redownloading but still didnt see any changes in the
> > > file. Thanks
> > >
> > >
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > Dive into the World of Parallel Programming The Go Parallel Website,
> > > sponsored
> > > by Intel and developed in partnership with Slashdot Media, is your hub
> > > for
> > > all
> > > things parallel software development, from weekly thought leadership
> > > blogs
> > > to
> > > news, videos, case studies, tutorials and more. Take a look and join the
> > > conversation now. http://goparallel.sourceforge.net/
> > > _______________________________________________
> > > Snort-sigs mailing list
> > > Snort-sigs () lists sourceforge net
> > > https://lists.sourceforge.net/lists/listinfo/snort-sigs
> > > http://www.snort.org
> > >
> > >
> > > Please visit http://blog.snort.org for the latest news about Snort!
> >
> >
> >
> > --
> > Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
> > http://uk.linkedin.com/in/jamieriden



-- 
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!