Snort mailing list archives
Doubt about rules
From: Sonika Malhotra <sonikam () magnum barc ernet in>
Date: Thu, 28 Feb 2002 16:40:01 +0530
Hello List, I have a doubt ( i had posted the question before also with no replies!) if i write rules as follows- pass any any -> my.server.ip.addr/32 25 pass any any -> my.server.ip.addr/32 53 alert any any -> my.server.ip.addr/32 any and run snort with -o option set. then: 1. snort is going to pass all traffic for 25 and 53 port , but alert on other ports but in this case is the "attack signature check" done for 25 and 53 or these packets are just passed without any check. 2. and what is the difference between alert and log.(except for the diff. files) thanx in advance sm. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Doubt about rules Sonika Malhotra (Feb 28)
- Re: Doubt about rules Erek Adams (Feb 28)
- Re: Doubt about rules koriun@ipia (Feb 28)
- Re[2]: Doubt about rules koriun@ipia (Feb 28)
- Re: Doubt about rules Erek Adams (Feb 28)
- <Possible follow-ups>
- RE: Re[2]: Doubt about rules Ronneil Camara (Feb 28)