[Snort-users] Rule Order
rshuck at ...6736...
Thu May 1 12:34:16 EDT 2003
Has anyone else changed the rule order under 2.0?
When I upgraded to 2.0, I started having problems with ICMP alerts when
my rule order was set to 'pass alert log'. Actually, any setting other
than default caused problems. ICMP alerts happen, they just skip the
normal rule and trigger the "Undefined Code" rule.
Ron Shuck, CISSP, GCIA - Managing Consultant
Buchanan Associates - A Technology Company in the People Business
More information about the Snort-users