[Snort-users] re: pass rule question

lindsay.hunt at ...9446...
Thu Jun 12 10:38:12 EDT 2003


Hello,

I have a question regarding the use of pass rules. I am running Snort with
the "-o" option and want to ignore specific SNMP traffic; specifically SNMP
requests from a particular IP address destined for 2 separate addresses.

I created a file called pass.rules and placed it in the rules directory. It
has the following syntax:

     pass udp x.x.x.x any -> udp [y.y.y.y , z.z.z.z ] 161


x.x.x.x corresponds to the source address and y and z to the destination
addresses.

Is the syntax correct? The traffic that I want to ignore is still showing
up as alerts.  Thanks in advance for any help.


kind regards,

Lindsay Hunt
Network Engineer
Alstom Power
phone 804-763-7239
mobile 804-334-1682
fax 804-763-7107
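
A header check for a rule of this shape, as an added example that is not part of the original post. It assumes the documented Snort header layout (action, protocol, source address, source port, direction, destination address, destination port) and, as a deliberately strict assumption, treats whitespace inside a bracketed address list as an error; the addresses are constructed stand-ins for x.x.x.x, y.y.y.y and z.z.z.z.

```python
import ipaddress
import re

# Field order of a Snort rule header (everything before the optional "(...)").
FIELDS = ("action", "protocol", "src_addr", "src_port",
          "direction", "dst_addr", "dst_port")
ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}


def _addr_ok(tok):
    """Accept 'any', a $VARIABLE, an IP/CIDR, or [a,b,...] with optional '!'."""
    if tok == "any" or tok.startswith("$"):
        return True
    tok = tok.lstrip("!")
    items = tok[1:-1].split(",") if tok.startswith("[") and tok.endswith("]") else [tok]
    try:
        for item in items:
            ipaddress.ip_network(item, strict=False)
    except ValueError:
        return False
    return True


def _port_ok(tok):
    """Accept 'any', a $VARIABLE, a port, or a range such as 1:1024, :1024, 1024:."""
    if tok == "any" or tok.startswith("$"):
        return True
    return re.fullmatch(r"!?(\d+|\d+:\d*|:\d+)", tok) is not None


CHECKS = {
    "action": lambda t: t in ACTIONS,
    "protocol": lambda t: t in PROTOCOLS,
    "src_addr": _addr_ok, "src_port": _port_ok,
    "direction": lambda t: t in {"->", "<>"},
    "dst_addr": _addr_ok, "dst_port": _port_ok,
}


def check_header(rule):
    """Return a list of problems found in the rule header (empty if none)."""
    tokens = rule.split("(", 1)[0].split()
    problems = []
    if len(tokens) != len(FIELDS):
        problems.append(f"expected {len(FIELDS)} header fields, found {len(tokens)}")
    for name, tok in zip(FIELDS, tokens):
        if not CHECKS[name](tok):
            problems.append(f"{name}: unexpected token {tok!r}")
    return problems


# Constructed sample rules: the shape as posted, and a seven-field form.
AS_POSTED = "pass udp 192.0.2.10 any -> udp [198.51.100.1 , 198.51.100.2 ] 161"
SEVEN_FIELD = "pass udp 192.0.2.10 any -> [198.51.100.1,198.51.100.2] 161"
```

A rule file that passes this check is still only read by Snort if the configuration in use includes it.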
