[Snort-users] simple snort pass
Hello all. I've read the documentation but I can't get this simple pass rule to work. This rule is located in local.rules, which is included and being executed. The pass rule (on one line, and with no x's) is as follows:

    pass udp X.X.186.250 any -> $HOME_NET any (msg:"argus/stats doing their thing.";ip_proto:esp;rev:1;)

I use

    ./snort -oDc ../etc/snort.conf

to run the mother and it still shows the traffic from X.X.186.250 to my $home_net, which is defined properly as such:

    [X.X.184.0/24,X.X.186.0/24,10.1.1.0/24]

Here is the alert detail:

    #0-(1-19) SNMP request udp 2004-01-11 12:13:02 X.X.186.250:33376 X.X.184.21:161 UDP

186.250 has legitimate SNMP requests so I want them silenced! Any suggestions?

-Peter
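Added example, not part of the original post: a simplified Python model (not Snort's engine) of how the posted rule's header and its `ip_proto` option are tested against the packet in the alert. It assumes `ip_proto` compares against the IP header's protocol field (UDP is 17, ESP is 50); the 198.18 prefix is a constructed stand-in for the masked X.X octets, and the dictionary layout and function names are hypothetical.

```python
import ipaddress

# IANA IP protocol numbers: the value carried in the IP header's protocol field.
IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "esp": 50}

# Constructed stand-ins for the masked addresses in the post (X.X -> 198.18).
HOME_NET = ["198.18.184.0/24", "198.18.186.0/24", "10.1.1.0/24"]
ARGUS_HOST = ["198.18.186.250/32"]


def in_nets(addr, nets):
    """True if addr falls inside any of the listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)


def rule_matches(rule, pkt):
    """Return (matched, reason). Ports are 'any' in the posted rule, so they are not tested."""
    if IP_PROTO[rule["proto"]] != pkt["ip_proto"]:
        return False, "header protocol"
    if not in_nets(pkt["src"], rule["src"]):
        return False, "source address"
    if not in_nets(pkt["dst"], rule["dst"]):
        return False, "destination address"
    want = rule.get("ip_proto")  # optional ip_proto rule option
    if want is not None and IP_PROTO[want] != pkt["ip_proto"]:
        return False, "ip_proto option"
    return True, "match"


# The packet from the alert detail: UDP, source port 33376, destination port 161.
SNMP_PKT = {"ip_proto": IP_PROTO["udp"], "src": "198.18.186.250", "sport": 33376,
            "dst": "198.18.184.21", "dport": 161}

# The rule as posted: header protocol udp plus the option ip_proto:esp.
PASS_AS_POSTED = {"proto": "udp", "src": ARGUS_HOST, "dst": HOME_NET, "ip_proto": "esp"}
# The same header with the ip_proto option left out.
PASS_NO_IP_PROTO = {"proto": "udp", "src": ARGUS_HOST, "dst": HOME_NET}

if __name__ == "__main__":
    for name, rule in (("as posted", PASS_AS_POSTED), ("no ip_proto", PASS_NO_IP_PROTO)):
        print(name, rule_matches(rule, SNMP_PKT))
```

In this model the header of the posted rule matches the SNMP packet, but a packet cannot be both UDP (17) and ESP (50), so the option test fails and the pass rule never applies.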