Snort mailing list archives

Pass rule help needed


From: Steve Ochani <jpegny () optonline net>
Date: Sat, 05 Jan 2002 12:29:36 -0500

Hello,

I'm using snort 1.8.3 on a Sun ULTRA 10 with Solaris 8.

Running snort as 

/opt/snort/bin/snort -o -d -D -A fast -c /opt/snort/etc/snort.conf

I'm trying to write a pass rule to not detect scans to port 137(udp) from 1 machine.

I've tried 

pass udp 192.168.1.20/32 any -> any 137

and 

pass udp 192.168.1.20 any -> any 137

in my local.rules which is included in my snort.conf

and I am using the -o option to run snort but I still get portscan detects from this machine to port 137.

I want to be able to detect portscans from that machine ... just not to port 137/udp

Thanks


 
