Snort mailing list archives
Snort Rule-framing
From: Sonika Malhotra <sonikam () magnum barc ernet in>
Date: Mon, 04 Feb 2002 17:35:32 +0530
Hello List,

I need some help to frame a rule. I am allowing packets for SMTP and DNS on my mail-cum-DNS server, so I have 2 pass rules and 1 alert rule in my local.rules as follows.

pass tcp any any -> $SERVER 25
pass tcp any any -> $SERVER 53
alert tcp any any -> $SERVER any (msg: "Unusual Access on Server";)

And I run the snort daemon with the "-o" option set (pass->alert->log). This logs all packets for ports other than 25 and 53 in my log file.

I have a doubt here: does the above setup mean that all packets having (SMTP or DNS) attack signatures for ports 25 and 53 will also be passed by snort (without sending alerts)? In that case, is there any other way of implementing this policy?

Thanks.
SM.
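
The rule ordering asked about above can be traced with a small model. This is an added example, not part of the original post and not Snort code: it assumes the first rule type with a matching rule decides the packet, and the server address, the signature rule, the sample packets and the port-range alternative are all constructed for illustration.

```python
# Added example: a simplified model of Snort rule-type ordering, not Snort code.
SERVER = "192.0.2.10"                      # constructed stand-in for $SERVER
DEFAULT_ORDER = ("alert", "pass", "log")   # Snort's order without -o
DASH_O_ORDER = ("pass", "alert", "log")    # order selected by -o

def rule(action, ports, msg=None, content=None):
    """ports is an inclusive (low, high) range of destination ports."""
    return {"action": action, "ports": ports, "msg": msg, "content": content}

ANY = (0, 65535)
# Hypothetical signature rule standing in for a stock SMTP attack signature.
SIGNATURE = rule("alert", (25, 25), "SMTP signature (hypothetical)", b"EXPN root")

# The local.rules from the post, plus the signature rule.
POSTED = [SIGNATURE,
          rule("pass", (25, 25)), rule("pass", (53, 53)),
          rule("alert", ANY, "Unusual Access on Server")]

# Assumed alternative: no pass rules; the catch-all alert is split into port
# ranges that skip 25 and 53 (written :24, 26:52 and 54: in Snort rule syntax).
RANGED = [SIGNATURE] + [rule("alert", r, "Unusual Access on Server")
                        for r in ((0, 24), (26, 52), (54, 65535))]

def matches(r, pkt):
    low, high = r["ports"]
    if pkt["dst"] != SERVER or not low <= pkt["dport"] <= high:
        return False
    return r["content"] is None or r["content"] in pkt["payload"]

def evaluate(rules, pkt, order):
    """Return (action, msg) of the first match, trying rule types in `order`."""
    for action in order:
        for r in rules:
            if r["action"] == action and matches(r, pkt):
                return action, r["msg"]
    return None, None

# Constructed packets: an SMTP probe carrying the signature content, plain
# SMTP traffic, and a telnet connection attempt.
SMTP_PROBE = {"dst": SERVER, "dport": 25, "payload": b"EXPN root\r\n"}
SMTP_MAIL = {"dst": SERVER, "dport": 25, "payload": b"MAIL FROM:<a@example.org>\r\n"}
TELNET = {"dst": SERVER, "dport": 23, "payload": b""}

if __name__ == "__main__":
    for name, rules, order in (("posted, -o", POSTED, DASH_O_ORDER),
                               ("ranged, default", RANGED, DEFAULT_ORDER)):
        for pkt in (SMTP_PROBE, SMTP_MAIL, TELNET):
            print(name, pkt["dport"], evaluate(rules, pkt, order))
```

In this model the posted rules with -o pass the SMTP probe before any alert rule is consulted, while the ranged arrangement still raises the signature alert on port 25 and stays quiet for ordinary mail.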