[Snort-sigs] Pass rule problem
secsnortsigs at ...644...
Fri Feb 21 14:51:06 EST 2003
I have something like
pass tcp 192.168.10.10 any <> 192.168.120.10 443 (msg: "LOCAL known
alert tcp any any -> any any (msg: "catch all rule";
the idea is that I want to log everthing that is not know traffic.
However I am still getting events bing triggered by
192.168.120.10:443 -> 192.168.10.10:37797
which I thought would have been bypassed by the pass rule. I am running with
the -o option.
Any ideas? snort 1.9.0
More information about the Snort-sigs