[Oisf-users] Suricata doesn't alert
Tuấn Ngọc Trần Lê
tranletuanngoc at gmail.com
Mon Sep 23 05:33:26 UTC 2019
Hello,
I wrote a rule for Suricata to detect ICMP connections and have loaded it:
alert icmp $HOME_NET any -> $HOME_NET any (msg:"ICMP connection attempt"; sid:1000002; rev:1;)
It works fine when I try to ping from a computer in the network (A) to the
one running Suricata (B).
However, when I ping from (A) to another computer (C), (B) doesn't detect
it or alert.
(A), (B) and (C) are connected to a switch.
Please help me.
Thank you,
Ngoc Tran (Frank)