Snort mailing list archives
Re: simple pass rules
From: "shawn . moyer" <shawn () net-connect net>
Date: Mon, 07 May 2001 17:32:06 -0500
Are you starting snort with the -o flag?

Aaron McKinnon wrote:

> Trying to write a simple pass rule:
>
> #Pass rule for uagent (ArcServe 2000 backup agent).
> pass tcp 208.158.118.3 6051 -> 208.158.118.100 any
> pass tcp 208.158.118.150 any -> 208.158.118.100 139
>
> It seems to ignore the rules in my local.rules file... Have I written these rules correctly?
>
> Trying to eliminate this:
>
> [**] NETBIOS Samba clientaccess [**]
> 05/04-15:54:44.393982 208.158.118.150:2622 -> 208.158.118.100:139
> TCP TTL:64 TOS:0x0 ID:33184 IpLen:20 DgmLen:196 DF
> ***AP*** Seq: 0x42FBC312 Ack: 0x66B24302 Win: 0x7CFB TcpLen: 32
> TCP Options (3) => NOP NOP TS: 146795697 856297
>
> and
>
> [**] EXPLOIT x86 NOOP [**]
> 05/05-00:47:09.281828 208.158.118.3:6051 -> 208.158.118.100:2080
> TCP TTL:64 TOS:0x0 ID:26854 IpLen:20 DgmLen:1500 DF
> ***A**** Seq: 0xDB2C0C8E Ack: 0xDC26531E Win: 0x7D78 TcpLen: 20
>
> Thanks.
>
> -----------------------------------
> Aaron McKinnon
> System Administrator
> Fullerene Productions, Inc.
> 3250 Wilshire Blvd. Suite 2000
> Los Angeles, CA 90010
> 213.365.1692
> -----------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
s h a w n m o y e r
shawn () net-connect net

"May the forces of evil become confused on the way to your house."
--George Carlin
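Added example, not part of the original thread: Snort 1.x evaluates its rule chains in the order Alert, Pass, Log unless started with -o, which changes the order to Pass, Alert, Log. The toy model below (not Snort's own code) runs the two pass rules and the two packets from the post through both orders; the alert headers are constructed stand-ins for the stock signatures, and matching is simplified to exact values plus `any`.

```python
# Added illustration: a toy model of Snort 1.x rule-chain ordering.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
Rule = namedtuple("Rule", "action proto src sport dst dport msg")

DEFAULT_ORDER = ("alert", "pass", "log")   # Snort 1.x without -o
DASH_O_ORDER = ("pass", "alert", "log")    # Snort 1.x with -o

def parse_header(line, msg=""):
    """Parse 'action proto src sport -> dst dport' (header only, no options)."""
    action, proto, src, sport, arrow, dst, dport = line.split()
    if arrow != "->":
        raise ValueError("only unidirectional '->' headers are modelled")
    return Rule(action, proto, src, sport, dst, dport, msg)

def matches(rule, pkt):
    """Exact match per field; 'any' is a wildcard. No CIDR or port ranges."""
    pairs = zip(rule[1:6], pkt)
    return all(r == "any" or r == str(p) for r, p in pairs)

def verdict(rules, pkt, order):
    """Walk the chains in the given order; the first matching rule decides."""
    for action in order:
        for rule in rules:
            if rule.action == action and matches(rule, pkt):
                return action, rule.msg
    return None, ""

RULES = [
    # The two pass rules from the post.
    parse_header("pass tcp 208.158.118.3 6051 -> 208.158.118.100 any"),
    parse_header("pass tcp 208.158.118.150 any -> 208.158.118.100 139"),
    # Constructed stand-ins for the stock signatures (content checks omitted).
    parse_header("alert tcp any any -> any 139", "NETBIOS Samba clientaccess"),
    parse_header("alert tcp any any -> any any", "EXPLOIT x86 NOOP"),
]

# Packets taken from the two alerts quoted in the post.
SAMBA = Packet("tcp", "208.158.118.150", 2622, "208.158.118.100", 139)
NOOP = Packet("tcp", "208.158.118.3", 6051, "208.158.118.100", 2080)

if __name__ == "__main__":
    for name, order in (("default", DEFAULT_ORDER), ("-o", DASH_O_ORDER)):
        for pkt in (SAMBA, NOOP):
            print(name, pkt.src, pkt.dport, verdict(RULES, pkt, order))
```

In the default order the alert chain matches first, so the pass rules are never consulted; with the -o order both packets hit a pass rule before any alert rule is tried.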