Snort mailing list archives
Re: Pass rule not passing preprocessors (Absent until 29/07/2002)
From: "Pascal Painparay" <pascal.painparay () tdf fr>
Date: Mon, 21 Apr 2003 15:42:16 +0200
I am away until 21/04/03 inclusive. In case of emergency, you can contact: Christophe Savin at 01 49 15 32 75. Regards, Pascal Painparay
snort-users 04/21/03 15:21 >>>
"Always Bishan" <bishan4u () yahoo co uk> writes:
Hi Snorters,

I wrote a pass rule which will pass anything coming from one machine.

    pass tcp 192.168.1.2 -> any any
    pass icmp 192.168.1.2 -> any any
    pass udp 192.168.1.2 -> any any
[...]
Now by writing this pass rule I'm able to avoid any alerts from my rules directory, but preprocessors are still generating alerts. Is there any way to avoid this?
If you want to omit traffic from that machine completely, disable all traffic from it in your bpf filter for snort.

    snort <command args> not host 192.168.1.2

--
Chris Green <cmg () sourcefire com>
To err is human, to moo bovine.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
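Added example, not part of the original messages or of Snort itself: a small shell helper that builds the BPF exclusion described in the reply above from a list of hosts. The function names bpf_exclude and is_ipv4, and the config path and interface in the usage comment, are assumptions made for illustration. The "src" mode matches only traffic sent by the host, which keeps the sensor's blind spot narrower than the plain "not host" form.

```shell
#!/bin/sh
# Build a BPF expression that hides the given IPv4 hosts from Snort.
# Packets dropped by the BPF filter never reach the preprocessors or the
# rule engine, so every host listed here is a deliberate blind spot.
#
# usage: bpf_exclude <src|any> <ipv4>...
#   src -> "not src host A"  (only traffic sent BY the host is dropped)
#   any -> "not host A"      (traffic to AND from the host is dropped)
#
# Example invocation (config path and interface are assumptions):
#   snort -c /etc/snort/snort.conf -i eth0 "$(bpf_exclude src 192.168.1.2)"

is_ipv4() {
    # Reject empty input, any character other than digits and dots,
    # and leading, trailing or doubled dots.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

bpf_exclude() {
    case "$1" in
        src) term="src host" ;;
        any) term="host" ;;
        *)   echo "bpf_exclude: direction must be src or any" >&2; return 2 ;;
    esac
    shift
    expr_out=""
    for ip in "$@"; do
        # Dotted-quad IPv4 only, so a list entry cannot carry extra BPF
        # keywords (for example "or tcp") that would widen the exclusion.
        if ! is_ipv4 "$ip"; then
            echo "bpf_exclude: invalid IPv4 address: $ip" >&2
            return 1
        fi
        expr_out="${expr_out:+$expr_out and }not $term $ip"
    done
    printf '%s\n' "$expr_out"
}
```

An empty host list yields an empty expression, which leaves Snort inspecting all traffic.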