[Snort-users] Snort pass rules failing

Jerry Shenk jshenk at ...514...
Thu May 13 18:11:07 EDT 2004


Ya know, when I posted this last message, I thought about the fact that
this is the first time I've tried using the ENTIRE rule that hit instead
of stripping out all the 'extra stuff'.  After stripping that out, it
seems like things are working as expected.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Matt
Kettler
Sent: Thursday, May 13, 2004 8:13 PM
To: Jerry Shenk; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort pass rules failing


At 07:19 PM 5/13/2004, Jerry Shenk wrote:
>I'm trying to get a new IDS box set up.  I'm trying to set up a few
>specific pass rules for a box that does monitoring (ICMP and SNMP) and
a
>router (ICMP redirects) and a web proxy server.  None of them seem to
be
>taking.  I'm running version 2.1.1 (Build 25)

did you start snort with the -o parameter?




-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list