Snort mailing list archives
Snort Rules
From: Brian Carpio <carb02 () csgsystems com>
Date: Thu, 7 Jun 2001 15:53:12 -0600 (MDT)
I have created a rule in my local.rules file (which is included in the snort.conf file and the other rules in that file work but one). I have a monitor server which snort records as

Jun 7 15:50:54 prod-backup snort[3682]: [ID 244969 auth.alert] ICMP Echo Request *NIX: 205.144.151.100 -> 205.144.151.83

That's from /var/adm/messages.

I have created a rule

pass 205.144.151.100/32 any -> 205.144.151.83/32 any

but messages are still getting recorded in /var/adm/messages from ICMP Requests from this box. What's wrong with my rule? Does the order of rules in the snort.conf file regulate this? Which takes precedence, a pass rule or an alert rule?

Brian Carpio