[Snort-users] Problem !! Pass command doesn't work

이지훈 jhlee2 at ...10747...
Thu Dec 11 23:24:04 EST 2003


This is my snort.conf file

-----
....
pass udp 166.xxx.xxx.0/24 any -> 166.xxx.xxx.0/24 111
pass tcp 166.xxx.xxx.0/24 any -> 166.xxx.xxx.0/24 111

include $RULE_PATH/bad-traffic.rules
....
-----

I have added two pass commands "to ignore rpc query from my local network"
 
because snort detect it as a attack and it's a heavy false positive
 
and I also put "-o" option to snort command to change sequence between pass and alert but snort doesn't pass them. there's still many rpc logs

what's wrong with me ? I'm waiting help from you 

thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20031211/6716e13c/attachment.html>


More information about the Snort-users mailing list