[Snort-users] Rules

Enrico M.V. Fasanelli Enrico.M.V.Fasanelli at ...4883...
Mon Feb 11 06:19:05 EST 2002

    Hi all,

    I run snort-mysql-1.8.3-5 on a RH7.2 box

    I've written the following rule (in the local.rule)


pass udp $LNF_AFS_SERVERS 7000:7009 <> $HOME_NET 7000:7009

     Where HOME_NET is defined in the main snort.conf as

var HOME_NET [,]

     and started the snortd with the -o flag. But:

Generated by ACID v0.9.6b20 on Mon February 11, 2002 13:28:54

#(1 - 7075) [2002-02-07 11:12:13] [arachNIDS/247]  MISC Large UDP Packet
IPv4: ->
      hlen=5 TOS=0 dlen=4284 ID=52436 flags=0 offset=0 TTL=23 chksum=21973
UDP:  port=7000 -> dport: 7001 len=4264
Payload:  length = 4064

     Why does snort refuse to follow my "pass" rule?

     How can I tell snortd not to log this kind of traffic?


      Enrico M.V. Fasanelli          Phone +39 0832 320.435/448
Istituto Nazionale Fisica Nucleare   Fax   +39 0832 325128
       Sezione di Lecce              mailto:Enrico.M.V.Fasanelli at ...4883...
  Servizio di Calcolo & Reti         Via per Arnesano, I-73100 LECCE (Italy)
