SID 480 - False Positive: msg#00203, security.ids.snort.sigs
Rule: ICMP PING speedera
Sid: 1:480

False Positives:
The "Keep-Alive" feature enabled by default in many VPN Tunnels can trigger a false positive for this rule. Keep-alives make sure that a VPN tunnel stays established at all times by continuously sending ICMP pings through the tunnel. The tunnel is re-established if necessary. Nortel Instant Internet VPN devices have been observed generating ICMP traffic that is misinterpreted by Snort as Speedera pings.

-------------------------------

This is my first attempt to contribute to the Snort Rules database. I apologize if I have not used the proper format. Please let me know if I need to provide any additional information. Your feedback would be greatly appreciated to let me know this message made its way to the right place.

M.Firth