[Snort-users] Pass rule help needed
jpegny at ...549...
Sat Jan 5 09:30:02 EST 2002
I'm using snort 1.8.3 on a Sun ULTRA 10 with Solaris 8.
Running snort as
/opt/snort/bin/snort -o -d -D -A fast -c /opt/snort/etc/snort.conf
I'm trying to write a pass rule to not detect scans to port 137(udp) from 1 machine.
pass udp 192.168.1.20/32 any -> any 137
pass udp 192.168.1.20 any -> any 137
in my local.rules which is included in my snort.conf
and I am using the -o option to run snort but I still get portscan detects from this machine to
I want to be able detect portscans from that machine ... just not to port 137/udp
More information about the Snort-users