icmp-info.rules

Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目前

alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Destination Unreachable (Undefined Code!)"; itype: 3; sid:407;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Echo Reply"; itype: 0; icode: 0; sid:408;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Echo Reply (Undefined Code!)"; itype: 0; sid:409;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Fragment Reassembly Time Exceeded"; itype: 11; icode: 1; sid:410;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP IPV6 I-Am-Here"; itype: 34; icode: 0; sid:411;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP IPV6 I-Am-Here (Undefined Code!"; itype: 34; sid:412;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP IPV6 Where-Are-You"; itype: 33; icode: 0; sid:413;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP IPV6 Where-Are-You (Undefined Code!)"; itype: 33; sid:414;  classtype:misc-activity; rev:4;)
alert icmp $HOME_NET any -> $EXTERNAL_NET any (msg:"ICMP Information Reply"; itype: 16; icode: 0; sid:415;  classtype:misc-activity; rev:4;)
alert icmp $HOME_NET any -> $EXTERNAL_NET any (msg:"ICMP Information Reply (Undefined Code!)"; itype: 16; sid:416;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Information Request"; itype: 15; icode: 0; sid:417;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Information Request (Undefined Code!)"; itype: 15; sid:418;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Mobile Host Redirect"; itype: 32; icode: 0; sid:419;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Mobile Host Redirect (Undefined Code!)"; itype: 32; sid:420;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Mobile Registration Reply"; itype: 36; icode: 0; sid:421;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Mobile Registration Reply (Undefined Code!)"; itype: 36; sid:422;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Mobile Registration Request"; itype: 35; icode: 0; sid:423;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Mobile Registration Request (Undefined Code!"; itype: 35; sid:424;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Parameter Problem (Bad Length)"; itype: 12; icode: 2; sid:425;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Parameter Problem (Missing a Requiered Option)"; itype: 12; icode: 1; sid:426;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Parameter Problem (Unspecified Error)"; itype: 12; icode: 0; sid:427;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Parameter Problem (Undefined Code!)"; itype: 12; sid:428;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Photuris (Reserved)"; itype: 40; icode: 0; sid:429;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Photuris (Unknown Security Parameters Index)"; itype: 40; icode: 1; sid:430;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Photuris (Valid Security Parameters, But Authentication Failed)"; itype: 40; icode: 2; sid:431;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Photuris (Valid Security Parameters, But Decryption Failed)"; itype: 40; icode: 3; sid:432;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Photuris (Undefined Code!)"; itype: 40; sid:433;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Redirect (for TOS and Host)"; itype: 5; icode: 3; sid:436;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Redirect (for TOS and Network)"; itype: 5; icode: 2; sid:437;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Redirect (Undefined Code!)"; itype: 5; sid:438;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Reserved for Security (Type 19)"; itype: 19; icode: 0; sid:439;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Reserved for Security (Type 19) (Undefined Code!)"; itype: 19; sid:440;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Router Advertisment"; itype: 9; icode: 0; reference:arachnids,173; sid:441;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Router Selection"; itype: 10; icode: 0; reference:arachnids,174; sid:443;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP SKIP"; itype: 39; icode: 0; sid:445;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP SKIP (Undefined Code!"; itype: 39; sid:446;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Source Quench (Undefined Code!)"; itype: 4; sid:448;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Time-To-Live Exceeded in Transit"; itype: 11; icode: 0; sid:449;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Time-To-Live Exceeded in Transit (Undefined Code!)"; itype: 11; sid:450;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Timestamp Reply"; itype: 14; icode: 0; sid:451;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Timestamp Reply (Undefined Code!)"; itype: 14; sid:452;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Timestamp Request"; itype: 13; icode: 0; sid:453;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Timestamp Request (Undefined Code!)"; itype: 13; sid:454;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Traceroute ipopts"; ipopts: rr; itype: 0; reference:arachnids,238; sid:455;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Traceroute"; itype: 30; icode: 0; sid:456;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Traceroute (Undefined Code!)"; itype: 30; sid:457;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Unassigned! (Type 1)"; itype: 1; icode: 0; sid:458;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Unassigned! (Type 1) (Undefined Code)"; itype: 1; sid:459;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Unassigned! (Type 2)"; itype: 2; icode: 0; sid:460;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Unassigned! (Type 2) (Undefined Code)"; itype: 2; sid:461;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Unassigned! (Type 7)"; itype: 7; icode: 0; sid:462;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Unassigned! (Type 7) (Undefined Code!)"; itype: 7; sid:463;  classtype:misc-activity; rev:4;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING (Undefined Code!)"; itype: 8; sid:365;  classtype:misc-activity; rev:4;)