Snort mailing list archives

Re: help with pass rule

From: "Scott Elgram" <SElgram () verifpoint com>
Date: Thu, 1 Jul 2004 11:32:22 -0700

Sekure,
    No i did not.  The line in my rules file is as fallows
Pass icmp 192.168.0.31 any -> 216.26.177.210 any (msg: "ICMP Ping from
192.168.0.31";)

thanks
-Scott
----- Original Message ----- 
From: "sekure" <sekure () gmail com>
To: "Scott Elgram" <selgram () verifpoint com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, July 01, 2004 10:02 AM
Subject: Re: [Snort-users] help with pass rule

Are you using the -o switch to pass before alerting?


----- Original Message -----
From: Scott Elgram <selgram () verifpoint com>
Date: Thu, 1 Jul 2004 09:39:17 -0700
Subject: [Snort-users] help with pass rule
To: snort-users () lists sourceforge net



Hello,    I am attempting to write a set of rules for my SNORT 2.4
machine.  I would like to ignore any pings that are generated by my
computer.  I wrote this simple rule
Pass icmp 192.168.0.31 any -> any any but the rule doesn't seem to
work.  The pings still show up.  I'm I doing something wrong?

-Scott


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

help with pass rule Scott Elgram (Jul 01)
- Re: help with pass rule sekure (Jul 01)
  - Re: help with pass rule Scott Elgram (Jul 01)
    - Re: help with pass rule sekure (Jul 01)
    - Re: help with pass rule Scott Elgram (Jul 01)
- Re: help with pass rule Keith W. McCammon (Jul 01)
- <Possible follow-ups>
- Help with pass rule Carlton L. Whitmore (Sep 01)
  - Re: Help with pass rule sekure (Sep 01)
    - Re: Help with pass rule prabu (Sep 01)
    - Re: Help with pass rule sekure (Sep 02)
    - Re: Help with pass rule prabu (Sep 02)
    - Re: Help with pass rule sekure (Sep 03)
    - E-mail alerting Carlos M Ospina (Sep 03)

(Thread continues...)