Snort works really well as a sniffer, but in IDS mode I have a problem. At first, every time I had an error with class type, I commented out all the rules that it didn't like. I created a simple rule in icmp.rules:

alert icmp any any -> any any (msg: "Ping with TTL=100"; ttl:100;)

I sent 10 packets with TTL=100 from my PC to the virtual host, but Snort didn't write anything in the logs! Please help me! It's really important because I need to write a thesis for graduation.