[Snort-users] pass rule not working

Bill Essig billessig at ...11827...
Sat Feb 11 23:01:01 EST 2006

Yes, I read the FAQ. I hope none of you have to drink too much after my
I have the following in my snort.conf file:

pass tcp any -> 80

So, I just decide to ask for /usr/bin/cc in my URL:
I thought due to my rule, this would not be logged or alerted. (fast alerts)
So I cat my alert log, and get:

02/11-22:53:13.287208  [**] [1:1343:5] WEB-ATTACKS /usr/bin/cc command
attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} ->

It was my understanding that this was not to show up. Any clues?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060211/94f2b182/attachment.html>

More information about the Snort-users mailing list