Snort mailing list archives

only alerts on incoming traffic.


From: jkv <jkv () unixcluster dk>
Date: Tue, 24 Feb 2009 20:37:08 +0100

Hi,

I'm having trouble getting Snort to trigger rules on outgoing 
connections; inbound connections work just fine.
For debugging this issue I have disabled all my normal rules and made a 
few debug rules:

alert tcp any any -> 90.185.105.45 25 (msg:"DEBUG: SMTP INCOMMING"; sid:22222222;)
alert tcp 90.185.105.45 any -> any 25 (msg:"DEBUG: SMTP OUTGOING"; sid:11111111;)

(90.185.105.45 is my static IP; normally I use HOME_NET for this, but 
since I am debugging I have hardcoded the IP in the rules)

With these two rules I get Snort alerts if I generate port 25 traffic from a 
remote server to my server - so far so good. But if I initiate a port 25 
connection from my server to some remote SMTP server, I don't get any 
Snort alerts.

Anyone got any ideas about why this is happening?

Regards,
jkv




