[Snort-users] help with pass rule

Scott Elgram SElgram at ...10477...
Thu Jul 1 11:33:09 EDT 2004


Sekure,
    No i did not.  The line in my rules file is as fallows
Pass icmp 192.168.0.31 any -> 216.26.177.210 any (msg: "ICMP Ping from
192.168.0.31";)

thanks
-Scott
----- Original Message ----- 
From: "sekure" <sekure at ...11827...>
To: "Scott Elgram" <selgram at ...10477...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, July 01, 2004 10:02 AM
Subject: Re: [Snort-users] help with pass rule


> Are you using the -o switch to pass before alerting?
>
>
> ----- Original Message -----
> From: Scott Elgram <selgram at ...10477...>
> Date: Thu, 1 Jul 2004 09:39:17 -0700
> Subject: [Snort-users] help with pass rule
> To: snort-users at lists.sourceforge.net
>
>
>
> Hello,    I am attempting to write a set of rules for my SNORT 2.4
> machine.  I would like to ignore any pings that are generated by my
> computer.  I wrote this simple rule
> Pass icmp 192.168.0.31 any -> any any but the rule doesn't seem to
> work.  The pings still show up.  I'm I doing something wrong?
>
> -Scott
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> digital self defense, top technical experts, no vendor pitches,
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>






More information about the Snort-users mailing list