RE: Unable to get Pass rules to ignore some traffic .

["Moyer, Shawn" <SMoyer () rgare com>]

Actually, I'm wondering if it's b/c of the "msg:" field being left in the
rule, maybe it's still logging even if it's passing? 

I have quite a few rules that don't have the slash notation on the end and
they work -- I'm guessing the default if CIDR is not defined is to append
/32.


--shawn



> -----Original Message-----
> From: McCammon, Keith [mailto:Keith.McCammon () eadvancemed com]
> Sent: Wednesday, July 17, 2002 16:24
> To: daveg () comsquared com; snort-users () lists sourceforge net
> Subject: RE: [Snort-users] Unable to get Pass rules to ignore some
> traffic.
>
>
> > pass udp $BRANCH_NETS any -> x.x.0.2 162 (msg:"SNMP trap udp";
> > reference:cve,CAN-2002-0012; reference:cve,CAN-2002-0013;  
> > sid:1419; rev:2;
> > classtype:attempted-recon;)
>
> You're missing the CIDR designation on the destination 
> address.  Should be x.x.0.2/32.
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users