Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Trouble with pass rule

From: Carl <lists () carldunham com>
Date: Tue, 29 Apr 2003 14:46:18 -0400
Doh! |*^o^*|

Might be time to change my default font size...

Thanks, Neil.


On Tuesday April 29 2003 11:16, Neil Dickey wrote:

Carl <lists () carldunham com> wrote below, asking:

[ Why does my pass rule not work. ]

The way you have your variables set the alert rule picks up traffic
from any port, anywhere, to any port on your home net.  The source
address of the alert is 10.27.13.211, which matches "anywhere," and
the target address is 10.27.255.255, which matches "10.27.0.0/16".

Your pass rule affects traffic moving between 10.47.0.0./16 and your
home net -- note the second octet is "47", not "27" ( typo?).  That's
why the pass rule isn't doing what you want.

I hope this helps.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: