[Snort-users] alert refused to pass

Jasmine CHUA Jasmine.Chua at ...11322...
Fri Feb 27 01:53:01 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all

I have a problem here and hope someone can help me see some light. I have a
pass rule that goes:

pass tcp $INTRA_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /doc/
access"; flow:to_server,established; uricontent:"/doc/"; nocase;
reference:cve,CVE-1999-0678; reference:bugtraq,318;
classtype:web-application-activity;sid:1000026;rev:1;)

However, I am still seeing traffic and the rule does not work.

My snort.conf :

var INTRA_NET [x.x.x.x/x]

var HTTP_SERVERS [y.y.y.y/y]


And, I did include a "-o" when running snort.

What am I missing here.. :(

Jas 
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBQD8Q3P4wcdIw6CVjEQIKlgCcD54tGq0/hceXylcb/Xptz4lxlq8Anjmo
dKnW7zlg3/Y1DVLYiQ59zzy0
=Wo0A
-----END PGP SIGNATURE-----


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGPexch.rtf.asc
Type: application/octet-stream
Size: 601 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040227/112a5bb0/attachment.obj>


More information about the Snort-users mailing list