[Snort-sigs] pass rules

Dale L. Handy dhandy at ...1244...
Thu Mar 4 09:57:07 EST 2004


Remember also that under normal circumstances, pass rules are not looked at until *AFTER* 
alerts. You must either use the '-o' option when you start snort, or use a "config order:" 
statement in the snort.conf file.


John B. wrote:
> If the src _and_ dest is 192.168.0.0/16, then try
> pass ip 192.168.0.0/16 any -> 192.168.0.0/16.
> 
> John B.
> 
> --- "Rowland, Krisa W ERDC-ITL-MS Contractor"
> <Krisa.W.Rowland at ...2112...> wrote:
> 
>>Example:
>>I have created these pass rules - but for some
>>reason I am still receiving
>>alerts on 192.168 traffic as source and
>>destination??  Any advice??
>> 
>># CRREL
>>pass ip 192.168.0.0/16 any -> 143.146.0.0/16 any
>>pass ip 143.146.0.0/16 any -> 192.168.0.0/16 any
>>
>>Krisa Rowland 
>>ERDC Information Assurance Team 
>>(SAIC Contractor) 
>>3909 Halls Ferry Rd.,  Bldg. 8000 
>>Vicksburg, MS 39180 
>>601-634-2493 
>>krisa.w.rowland at ...2112... 
>> 
>>
> 
> 
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Search - Find what you’re looking for faster
> http://search.yahoo.com
> 
> 
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> 
> 

-- 
"The trouble with doing something right the first time
  is that nobody appreciates how difficult it was."

-- Dale L. Handy, P.E.
    dhandy at ...1244...
    http://www.nitrodata.com






More information about the Snort-sigs mailing list