[Snort-users] Pass rule not passing preprocessors
bishan4u at ...1396...
Sun Apr 20 00:21:07 EDT 2003
I wrote a pass rule which will pass anything coming
from one machine.
pass tcp 192.168.1.2 -> any any
pass icmp 192.168.1.2 -> any any
pass udp 192.168.1.2 -> any any
now I run nessus scanner from 192.168.1.2, after the
scan when I viewed the alerts from my ACID.
It still gave me alerts coming from preprocessors like
spp_stream4 and spp_bo. But the alerts in the rule
file didn't come up which use to come up when there
was no pass rule for 192.168.1.2.
Now by writing this pass rule I'm able to avoid any
alerts from my rules directory, but preprocessors are
still generating alerts.
Is there anyway to avoid this?
*Note: I did use -o option at snort start up
email: bishan at ...8634...
For a better Internet experience
More information about the Snort-users