[Snort-users] alert refused to pass
Jasmine.Chua at ...11322...
Fri Feb 27 02:19:04 EST 2004
-----BEGIN PGP SIGNED MESSAGE-----
People .. oops! I spotted my mistake. Accidentally put one of the IP address
into INTRA_NET site.
- -----Original Message-----
From: Jasmine CHUA
Sent: Friday, February 27, 2004 5:42 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] alert refused to pass
*** PGP Signature Status: bad
*** Signer: Jasmine Chua <jasmine.chua at ...11322...>
*** Signed: 2/27/2004 5:41:48 PM
*** Verified: 2/27/2004 6:00:15 PM
*** BEGIN PGP VERIFIED MESSAGE ***
I have a problem here and hope someone can help me see some light. I have a
pass rule that goes:
pass tcp $INTRA_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /doc/
access"; flow:to_server,established; uricontent:"/doc/"; nocase;
However, I am still seeing traffic and the rule does not work.
My snort.conf :
var INTRA_NET [x.x.x.x/x]
var HTTP_SERVERS [y.y.y.y/y]
And, I did include a "-o" when running snort.
What am I missing here.. :(
*** END PGP VERIFIED MESSAGE ***
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1
-----END PGP SIGNATURE-----
More information about the Snort-users