[Snort-users] Unable to get Pass rules to ignore some traffic.

McCammon, Keith Keith.McCammon at ...3497...
Wed Jul 17 14:24:04 EDT 2002


> pass udp $BRANCH_NETS any -> x.x.0.2 162 (msg:"SNMP trap udp";
> reference:cve,CAN-2002-0012; reference:cve,CAN-2002-0013;  
> sid:1419; rev:2;
> classtype:attempted-recon;)

You're missing the CIDR designation on the destination address.  Should be x.x.0.2/32.




More information about the Snort-users mailing list