Snort mailing list archives
Re: Unable to get Pass rules to ignore some traffic.
From: "David E. Gianndrea" <daveg () comsquared com>
Date: Thu, 18 Jul 2002 10:29:21 -0400
Well I don't know why it was not working, but after adding the /32 the pass rules started working. There was more than one rule doing this, the NETBIOS NT NULL session rule, and the Telnet rules were doing it as well. The /32 appears to have fixed my problem for now!

Thanks ALL!

--
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.

"Andrew R. Baker" wrote:
> Moyer, Shawn wrote:
> > Actually, I'm wondering if it's b/c of the "msg:" field being left in the rule, maybe it's still logging even if it's passing?
>
> Having the "msg:" field specified for a log or pass rule will not affect how the rule functions. It will just not get used for that particular rule.
>
> > I have quite a few rules that don't have the slash notation on the end and they work -- I'm guessing the default if CIDR is not defined is to append /32.
>
> You are correct, if there is no CIDR block specified, it defaults to /32. Of course, knowing these things still does not explain why Snort is not properly applying the pass rule.
>
> -A