Snort mailing list archives
Doubt about rules
From: Sonika Malhotra <sonikam () magnum barc ernet in>
Date: Thu, 28 Feb 2002 16:40:01 +0530
Hello List,
I have a doubt (I had posted the question before also, with no replies!).
If I write rules as follows:
pass any any -> my.server.ip.addr/32 25
pass any any -> my.server.ip.addr/32 53
alert any any -> my.server.ip.addr/32 any
and run Snort with the -o option set,
then:
1. Snort is going to pass all traffic for ports 25 and 53, but
alert on other ports.
But in this case, is the "attack signature check" done for 25 and 53, or
are these packets just passed without any check?
2. And what is the difference between alert and log (except for
the different files)?
Thanks in advance,
sm.
