Snort mailing list archives

Re: Pass rule sometimes does not work

From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Tue, 14 Jan 2003 18:44:58 +0100

Hi,

Hess, Ben wrote:

We are using snort center v0.9.6 and I can not find where I can enterthat command. Does anyone know? Or do I have to upgrade my snortcenter?


I suppose that is some kind of a configuration helper. I'm talking
about the Snort configuration file. About the order how rules are
being worked through. Snort is not like Netfilter/Iptables, where
the action is taken when a rule is hit. Default rule order is:

  Activate -> Dynamic -> Alert -> Pass -> Log

which means that the pass rules miss their purpose, because some
people never look to the manual, write some pass rules and never
notice being hacked. ;)

Have fun,

Edin_


-----Original Message-----
From: Edin Dizdarevic [mailto:edin.dizdarevic () interActive-Systems de]

[...]


Try this in your configfile:

config order: pass info alert log activation dynamic

 >
 > Ben
 >

Edin_


--
Edin Dizdarevic




-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Edin Dizdarevic



-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Pass rule sometimes does not work Hess, Ben (Jan 14)
- Re: Pass rule sometimes does not work Erick Mechler (Jan 14)
- Re: Pass rule sometimes does not work Edin Dizdarevic (Jan 14)
- <Possible follow-ups>
- RE: Pass rule sometimes does not work Hess, Ben (Jan 14)
- RE: Pass rule sometimes does not work Hess, Ben (Jan 14)
  - Re: Pass rule sometimes does not work Edin Dizdarevic (Jan 14)