[Snort-users] Rule set Query

skill2die4 skill2die4 at ...131...
Wed Mar 6 08:23:02 EST 2002


Hi,

Consider there are 2 rules; however, one rule is a
superset of the other. Example:

A.rules = alert  any any < >  $home 80  _ _ _ _

B.rules = alert  $Secure  any  < > $home 80 _ _ _ _

Now when I execute Snort, and there is a packet
incoming from $Secure:

1. Would Snort log both of them?

2. If I put B.rules before A.rules, would it make
Snort log only the second attack and not the first?

3. Is there a way to achieve the result of Query 2, i.e.
only logging rule B and not A when there is a
packet from $Secure?



Thanks :)

skill

