Snort mailing list archives
Problem !! Pass command doesn't work
From: 이지훈 <jhlee2 () csl hanyang ac kr>
Date: Fri, 12 Dec 2003 16:18:33 +0900
This is my snort.conf file ----- .... pass udp 166.xxx.xxx.0/24 any -> 166.xxx.xxx.0/24 111 pass tcp 166.xxx.xxx.0/24 any -> 166.xxx.xxx.0/24 111 include $RULE_PATH/bad-traffic.rules .... ----- I have added two pass commands "to ignore rpc query from my local network" because snort detect it as a attack and it's a heavy false positive and I also put "-o" option to snort command to change sequence between pass and alert but snort doesn't pass them. there's still many rpc logs what's wrong with me ? I'm waiting help from you thanks
Current thread:
- Problem !! Pass command doesn't work 이지훈 (Dec 11)