[Snort-users] Pass rule
bruneau at ...126...
Tue Jul 25 05:45:15 EDT 2000
No, I didn't, but I will. By the way, what is the order when not using that switch?
Martin Roesch wrote:
> Did you use the -o command line option? Try that....
> Guy Bruneau wrote:
> > Hello,
> > I have tried to use the pass rule and it doesn't appear to work. For
> > example, I have the following alert:
> > [**] IDS247 - MISC - Large UDP Packet [**]
> > 07/24-19:17:32.790650 10.14.71.92:4361 -> 22.214.171.124:21626
> > UDP TTL:32 TOS:0x0 ID:12831
> > Len: 1144
> > I would write the following rule:
> > pass udp 10.14.71.92 any -> 126.96.36.199 any
> > but snort isn't ignoring it. It continues to log it. Is there anything wrong
> > with this rule? If so, how should it be written?
> > Thanks,
> > Guy
> > --
> > Guy Bruneau
> > Ma page est a/My page at: http://www.penguinpowered.com/~bruneau
> > _______________________________________________ Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> Martin Roesch <roesch at ...2...>
> Core R&D http://www.hiverworld.com
> Hiverworld, Inc. Continuous Adaptive Risk Management
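Added example (not part of the thread and not Snort's own code): a simplified Python model of why the `-o` switch decides whether the pass rule above takes effect. It assumes Snort 1.x's documented rule-group order, Alert -> Pass -> Log by default and Pass -> Alert -> Log with `-o`; it matches on rule headers only, and the rules, addresses and packet are constructed for illustration.

```python
# Simplified model of Snort 1.x rule-group ordering (illustrative, not Snort source).
# Only the rule header is compared; rule options such as dsize are left out.
DEFAULT_ORDER = ("alert", "pass", "log")    # group order without -o
O_SWITCH_ORDER = ("pass", "alert", "log")   # group order with -o

# Constructed rules; RFC 5737 documentation addresses stand in for real hosts.
RULES = """
alert udp any any -> any any
pass udp 192.0.2.10 any -> 198.51.100.20 any
"""

# Constructed packet from the host the pass rule is meant to silence.
PACKET = {"proto": "udp", "src": "192.0.2.10", "sport": "4361",
          "dst": "198.51.100.20", "dport": "21626"}

FIELDS = ("proto", "src", "sport", "dst", "dport")


def parse_rules(text):
    """Parse 'action proto src sport -> dst dport' rule headers into dicts."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, src, sport, arrow, dst, dport = line.split()
        if arrow != "->":
            raise ValueError("unsupported direction operator: " + arrow)
        rules.append({"action": action, "proto": proto, "src": src,
                      "sport": sport, "dst": dst, "dport": dport})
    return rules


def header_matches(rule, pkt):
    """A field matches when the rule says 'any' or equals the packet value."""
    return all(rule[f] in ("any", pkt[f]) for f in FIELDS)


def evaluate(rules, pkt, order):
    """Walk the rule groups in `order`; the first matching rule decides."""
    for action in order:
        for rule in rules:
            if rule["action"] == action and header_matches(rule, pkt):
                return action
    return None  # no rule matched the packet


if __name__ == "__main__":
    parsed = parse_rules(RULES)
    print("without -o:", evaluate(parsed, PACKET, DEFAULT_ORDER))
    print("with -o:   ", evaluate(parsed, PACKET, O_SWITCH_ORDER))
```

In this model the alert group is consulted first by default, so the packet is alerted on before the pass rule is ever reached; with the `-o` order the pass rule matches first and the packet is ignored.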