Snort mailing list archives

Re: Doubt about rules


From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 28 Feb 2002 03:31:10 -0800 (PST)

On Thu, 28 Feb 2002, Sonika Malhotra wrote:

> Hello List,
> I have a doubt (I had posted the question before also with no replies!)
>
> If I write rules as follows:
> pass any any -> my.server.ip.addr/32 25
> pass any any -> my.server.ip.addr/32 53
> alert any any -> my.server.ip.addr/32 any
>
> and run snort with the -o option set, then:
>
> 1. snort is going to pass all traffic for ports 25 and 53, but alert on
> other ports. But in this case, is the "attack signature check" done for
> 25 and 53, or are these packets just passed without any check?

Pass rules are just that.  They tell snort to skip checks and "ignore" any
packets that match this rule.

> 2. And what is the difference between alert and log (except for
> the different files)?

See this:  http://www.theadamsfamily.net/~erek/snort/logging_methods.txt for
the real dirt on it.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
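
The ordering effect discussed in this thread, as an added example that is not part of the original post or of Snort's source: a simplified Python model of first-match evaluation, comparing Snort's standard Alert->Pass->Log rule order with the Pass->Alert->Log order selected by -o. The address 192.0.2.10 and the names Rule, verdict and coverage are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Rule-type evaluation orders: standard, and the one selected by -o.
DEFAULT_ORDER = ("alert", "pass", "log")
DASH_O_ORDER = ("pass", "alert", "log")

# Constructed documentation address standing in for my.server.ip.addr.
SERVER = "192.0.2.10"


@dataclass(frozen=True)
class Rule:
    action: str        # "alert", "pass" or "log"
    dst_ip: str        # exact address or "any"
    dst_port: object   # int or "any"

    def matches(self, pkt):
        return (self.dst_ip in ("any", pkt["dst_ip"])
                and self.dst_port in ("any", pkt["dst_port"]))


# The three rules from the question, reduced to destination matching only.
RULES = [
    Rule("pass", SERVER, 25),
    Rule("pass", SERVER, 53),
    Rule("alert", SERVER, "any"),
]


def verdict(pkt, rules, order):
    """Return the action of the first matching rule, trying rule types in `order`."""
    for action in order:
        for rule in rules:
            if rule.action == action and rule.matches(pkt):
                return action
    return "none"  # no rule matched this packet


def coverage(ports, order, dst_ip=SERVER):
    """Map each destination port to the verdict it gets under `order`."""
    return {p: verdict({"dst_ip": dst_ip, "dst_port": p}, RULES, order)
            for p in ports}


if __name__ == "__main__":
    for name, order in (("default", DEFAULT_ORDER), ("-o", DASH_O_ORDER)):
        print(name, coverage([25, 53, 80], order))
```

With -o the two pass rules win, so traffic to ports 25 and 53 is never compared against any signature; in the standard order the broad alert rule matches first and the pass rules have no effect.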

