From e0e669f27868f3ce442db9a76a7a5cbddef14dc6 Mon Sep 17 00:00:00 2001
From: BlackLight <blacklight@autistici.org>
Date: Thu, 10 Feb 2011 20:23:23 +0100
Subject: [PATCH] Adding more ICMP ping hyperalert modules

---
 corr_rules/1-366-7.xml | 9 +++++++++
 corr_rules/1-368-6.xml | 9 +++++++++
 corr_rules/1-384-5.xml | 9 +++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 corr_rules/1-366-7.xml
 create mode 100644 corr_rules/1-368-6.xml
 create mode 100644 corr_rules/1-384-5.xml

diff --git a/corr_rules/1-366-7.xml b/corr_rules/1-366-7.xml
new file mode 100644
index 0000000..cfff17f
--- /dev/null
+++ b/corr_rules/1-366-7.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE hyperalert PUBLIC "-//blacklight//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
+
+<hyperalert>
+	<snort-id>1.366.7</snort-id>
+	<desc>ICMP PING *NIX</desc>
+	<post>HostExists(+DST_ADDR+)</post>
+</hyperalert>
+
diff --git a/corr_rules/1-368-6.xml b/corr_rules/1-368-6.xml
new file mode 100644
index 0000000..c7419a3
--- /dev/null
+++ b/corr_rules/1-368-6.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE hyperalert PUBLIC "-//blacklight//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
+
+<hyperalert>
+	<snort-id>1.368.6</snort-id>
+	<desc>ICMP PING BSDtype</desc>
+	<post>HostExists(+DST_ADDR+)</post>
+</hyperalert>
+
diff --git a/corr_rules/1-384-5.xml b/corr_rules/1-384-5.xml
new file mode 100644
index 0000000..f244922
--- /dev/null
+++ b/corr_rules/1-384-5.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE hyperalert PUBLIC "-//blacklight//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
+
+<hyperalert>
+	<snort-id>1.384.5</snort-id>
+	<desc>ICMP PING</desc>
+	<post>HostExists(+DST_ADDR+)</post>
+</hyperalert>
+