Snort mailing list archives
Proxy pass rule
From: "Jose Ramon Hernandez Macias" <jhernandez () alestra com mx>
Date: Mon, 31 Mar 2003 12:59:01 -0600
Hi, How are you? I got a little question, I wrote a pass rule for my proxy web server (to ignore web traffic though), I just wrote a simple one like this pass tcp $EXTERNAL_NET 80 <> x.x.x.x any ( sid: 1000001; rev: 3; msg: "Webpage to Proxy connection"; classtype: misc;) Is that OK? or do I need to add and A Flag at least to be more specific? If I leave it that way, what´s the order of the rules?, because there´s an NMAP Scan Rule with source port 80 and an A Flag with Ack Number 0. How would that work? Thanks "Rapidity is the essence of war: take advantage of the enemy´s unreadiness, make your way by unexpected routes, and attack unguarded spots." -- Sun Tzu _________________________________________________________________________________ NOTA: La información de este correo es de propiedad exclusiva y confidencial. Este mensaje es sólo para el destinatario señalado, si usted no lo es, destrúyalo de inmediato. Ninguna información aquí contenida debe ser entendida como dada o avalada por Alestra, sus subsidiarias o sus empleados, salvo cuando ello expresamente se indique. Es responsabilidad de quien recibe este correo de asegurarse que esté libre de virus, por lo tanto ni Alestra, sus subsidiarias ni sus empleados aceptan responsabilidad alguna. NOTE: The information in this email is proprietary and confidential. This message is for the designated recipient only, if you are not the intended recipient, you should destroy it immediately. Any information in this message shall not be understood as given or endorsed by Alestra, its subsidiaries or their employees, unless expressly so stated. It is the responsibility of the recipient to ensure that this email is virus free, therefore neither Alestra, its subsidiaries nor their employees accept any responsibility. ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Proxy pass rule Jose Ramon Hernandez Macias (Mar 31)