[Snort-users] Snort pass rules failing
jshenk at ...514...
Thu May 13 18:03:04 EDT 2004
Yes, I did. I also tried it from the command-line just to make sure I
didn't have something messed up in my init script. It's the craziest
thing...the pass rules are very simple. Here's one of them:
var WEB_PROXY x.x.x.x
pass tcp $HOME_NET any -> $WEB_PROXY 8080 (msg:"SCAN Proxy Port 8080
attempt - proxy"; stateless; flags:S,12; classtype:attempted-recon;
In this case, there's only one ip address in the variable but I think
the use of variables makes it a little cleaner.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Matt
Sent: Thursday, May 13, 2004 8:13 PM
To: Jerry Shenk; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort pass rules failing
At 07:19 PM 5/13/2004, Jerry Shenk wrote:
>I'm trying to get a new IDS box set up. I'm trying to set up a few
>specific pass rules for a box that does monitoring (ICMP and SNMP) and
>router (ICMP redirects) and a web proxy server. None of them seem to
>taking. I'm running version 2.1.1 (Build 25)
did you start snort with the -o parameter?
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users