Snort mailing list archives
Re: Unable to get Pass rules to ignore some traffic .
From: "Andrew R. Baker" <andrewb () sourcefire com>
Date: Thu, 18 Jul 2002 08:13:51 -0400
Moyer, Shawn wrote:
> Actually, I'm wondering if it's b/c of the "msg:" field being left in the rule, maybe it's still logging even if it's passing?
Having the "msg:" field specified for a log or pass rule will not affect how the rule functions. It will just not get used for that particular rule.
> I have quite a few rules that don't have the slash notation on the end and they work -- I'm guessing the default if CIDR is not defined is to append /32.
You are correct, if there is no CIDR block specified, it defaults to /32. Of course, knowing these things still does not explain why Snort is not properly applying the pass rule.
-A