[Snort-users] Pass rule sometimes does not work

Edin Dizdarevic edin.dizdarevic at ...7509...
Tue Jan 14 09:45:02 EST 2003


Hi,

Hess, Ben wrote:
> We are using snort center v0.9.6 and I can not find where I can enter 
> that command. Does anyone know? Or do I have to upgrade my snortcenter?

I suppose that is some kind of a configuration helper. I'm talking
about the Snort configuration file. About the order how rules are
being worked through. Snort is not like Netfilter/Iptables, where
the action is taken when a rule is hit. Default rule order is:

   Activate -> Dynamic -> Alert -> Pass -> Log

which means that the pass rules miss their purpose, because some
people never look to the manual, write some pass rules and never
notice being hacked. ;)

Have fun,

Edin_

> 
> -----Original Message-----
> From: Edin Dizdarevic [mailto:edin.dizdarevic at ...7509...]
[...]
> 
> Try this in your configfile:
> 
> config order: pass info alert log activation dynamic
> 
>  >
>  > Ben
>  >
> 
> Edin_
> 
> 
> -- 
> Edin Dizdarevic
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
> are you planning your Web Server Security? Click here to get a FREE
> Thawte SSL guide and find the answers to all your  SSL security issues.
> http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 

-- 
Edin Dizdarevic





More information about the Snort-users mailing list