[Snort-users] help with pass rule

Scott Elgram SElgram at ...10477...
Thu Jul 1 11:55:06 EDT 2004


Sekure,
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth1 -g snort -D

thanks,
-scott
----- Original Message ----- 
From: "sekure" <sekure at ...11827...>
To: "Scott Elgram" <selgram at ...10477...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, July 01, 2004 11:45 AM
Subject: Re: [Snort-users] help with pass rule


> Scott,
>
> What I meant is that you have to launch snort with the -o switch to
> tell it to process the pass rules BEFORE the alert rules.  What does
> your snort command line look like?
>
> On Thu, 1 Jul 2004 11:32:22 -0700, Scott Elgram <selgram at ...10477...>
wrote:
> > Sekure,
> >    No i did not.  The line in my rules file is as fallows
> > Pass icmp 192.168.0.31 any -> 216.26.177.210 any (msg: "ICMP Ping from
> > 192.168.0.31";)
> >
> > thanks
> > -Scott
> >
> >
> > ----- Original Message -----
> > From: "sekure" <sekure at ...11827...>
> > To: "Scott Elgram" <selgram at ...10477...>
> > Cc: <snort-users at lists.sourceforge.net>
> > Sent: Thursday, July 01, 2004 10:02 AM
> > Subject: Re: [Snort-users] help with pass rule
> >
> > > Are you using the -o switch to pass before alerting?
> > >
> > >
> > > ----- Original Message -----
> > > From: Scott Elgram <selgram at ...10477...>
> > > Date: Thu, 1 Jul 2004 09:39:17 -0700
> > > Subject: [Snort-users] help with pass rule
> > > To: snort-users at lists.sourceforge.net
> > >
> > >
> > >
> > > Hello,    I am attempting to write a set of rules for my SNORT 2.4
> > > machine.  I would like to ignore any pings that are generated by my
> > > computer.  I wrote this simple rule
> > > Pass icmp 192.168.0.31 any -> any any but the rule doesn't seem to
> > > work.  The pings still show up.  I'm I doing something wrong?
> > >
> > > -Scott
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email sponsored by Black Hat Briefings & Training.
> > > Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> > > digital self defense, top technical experts, no vendor pitches,
> > > unmatched networking opportunities. Visit www.blackhat.com
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> >
> >
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> digital self defense, top technical experts, no vendor pitches,
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>






More information about the Snort-users mailing list