[Snort-users] Doubt about rules
sonikam at ...4044...
Thu Feb 28 03:06:01 EST 2002
I have a doubt (I had posted the question before also, with no replies!).
If I write rules as follows:
pass any any -> my.server.ip.addr/32 25
pass any any -> my.server.ip.addr/32 53
alert any any -> my.server.ip.addr/32 any
and run Snort with the -o option set,
then:
1. Snort is going to pass all traffic for ports 25 and 53, but
alert on other ports.
But in this case, is the "attack signature check" done for 25 and 53, or
are these packets just passed without any check?
2. And what is the difference between alert and log (except for
the different files)?
Thanks in advance.