[Snort-sigs] problems setting flags

studentmm08.pool-id at ...1755...
Fri Aug 22 14:12:31 EDT 2003


pass tcp $LAN any -> $PROXY 80
pass tcp $PROXY 80 -> $LAN any (flags: !S;)

alert tcp any any -> any any

All works fine, but all packets with the ACK and SYN flags trigger the
alert rule.
I did try a third pass rule for the proxy with (flags: AS;) and another
with (flags: A+;), but none of this works.

How do I write a pass rule that says to pass all TCP packets containing
the ACK/SYN flags?

This cannot be the problem?
I think I must take a holiday to get a clear head....

thx
andreas
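
Added example (not part of the original post and not Snort's own code): a simplified Python model of the flags option's documented modifiers (no modifier = exact match, + = all listed bits plus any others, * = any listed bit, ! = listed bits not set), run for the three expressions in the post against constructed handshake packets. The function names, the sample packets and the unmasked exact comparison over all eight flag bits are assumptions of this sketch.

```python
# Simplified model of the Snort "flags" rule option (added example).
# Bit values are the standard TCP header flag bits; '1' and '2' are the
# two reserved bits, compared here like any other bit (assumption: no mask).
BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
        "A": 0x10, "U": 0x20, "2": 0x40, "1": 0x80}
MODIFIERS = {"+": "all", "*": "any", "!": "not"}

# Constructed sample packets: name -> TCP flags byte.
PACKETS = {"SYN": 0x02, "SYN/ACK": 0x12, "ACK": 0x10,
           "PSH/ACK": 0x18, "SYN/ACK+ECE": 0x52}


def parse_flags_option(spec):
    """Return (mode, bitmask) for a spec such as 'AS', 'A+' or '!S'."""
    mode, mask = "exact", 0
    for ch in spec.strip().rstrip(";").strip():
        if ch in MODIFIERS:
            mode = MODIFIERS[ch]          # modifier accepted before or after
        elif ch.upper() in BITS:
            mask |= BITS[ch.upper()]
        else:
            raise ValueError("unknown flag character: %r" % ch)
    return mode, mask


def flags_match(spec, tcp_flags):
    """True if a packet with this flags byte satisfies the flags spec."""
    mode, mask = parse_flags_option(spec)
    if mode == "exact":                   # exactly these bits, nothing else
        return tcp_flags == mask
    if mode == "all":                     # '+': listed bits plus any others
        return (tcp_flags & mask) == mask
    if mode == "any":                     # '*': at least one listed bit
        return (tcp_flags & mask) != 0
    return (tcp_flags & mask) == 0        # '!': listed bits are not set


def evaluate(specs=("!S", "AS", "A+")):
    """Map each spec from the post to the sample packets it matches."""
    return {spec: [name for name, flags in PACKETS.items()
                   if flags_match(spec, flags)]
            for spec in specs}


if __name__ == "__main__":
    for spec, hits in evaluate().items():
        print("flags: %-3s matches %s" % (spec, ", ".join(hits)))
```

In this model !S skips every packet carrying SYN, including SYN/ACK, while AS matches only a packet whose flags byte is exactly SYN+ACK, so a reserved bit set alongside them defeats the exact form but not A+.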





