[Snort-users] help with pass rule

sekure sekure at ...11827...
Thu Jul 1 11:46:08 EDT 2004


Scott,

What I meant is that you have to launch snort with the -o switch to
tell it to process the pass rules BEFORE the alert rules.  What does
your snort command line look like?

On Thu, 1 Jul 2004 11:32:22 -0700, Scott Elgram <selgram at ...10477...> wrote:
> Sekure,
>    No i did not.  The line in my rules file is as fallows
> Pass icmp 192.168.0.31 any -> 216.26.177.210 any (msg: "ICMP Ping from
> 192.168.0.31";)
> 
> thanks
> -Scott
> 
> 
> ----- Original Message -----
> From: "sekure" <sekure at ...11827...>
> To: "Scott Elgram" <selgram at ...10477...>
> Cc: <snort-users at lists.sourceforge.net>
> Sent: Thursday, July 01, 2004 10:02 AM
> Subject: Re: [Snort-users] help with pass rule
> 
> > Are you using the -o switch to pass before alerting?
> >
> >
> > ----- Original Message -----
> > From: Scott Elgram <selgram at ...10477...>
> > Date: Thu, 1 Jul 2004 09:39:17 -0700
> > Subject: [Snort-users] help with pass rule
> > To: snort-users at lists.sourceforge.net
> >
> >
> >
> > Hello,    I am attempting to write a set of rules for my SNORT 2.4
> > machine.  I would like to ignore any pings that are generated by my
> > computer.  I wrote this simple rule
> > Pass icmp 192.168.0.31 any -> any any but the rule doesn't seem to
> > work.  The pings still show up.  I'm I doing something wrong?
> >
> > -Scott
> >
> >
> > -------------------------------------------------------
> > This SF.Net email sponsored by Black Hat Briefings & Training.
> > Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> > digital self defense, top technical experts, no vendor pitches,
> > unmatched networking opportunities. Visit www.blackhat.com
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> 
>




More information about the Snort-users mailing list