Rule problems

["Pete Blessing" <Pete.Blessing () WDPartners com>]

I have created a line in the local.rules file that is as follows:  pass
udp A.A.A.A any -> X.X.X.X/32 161.
I also have used the "-o" to have the "pass" be processed before the
rest of the other rules.  My question is why would I still be seeing
traffic being alerted to my DB from A.A.A.A to X.X.X.X?  When look at
the alert in ACID it shows udp as well as the dport being 161.  Am I
missing something? The signature is a "spp_asn1".  I am rather new to
snort but I think I am following the correct syntax for my rule.
 
Thanks,
 
 

   Peter Blessing
   Network Administrator
   1201 Dublin Road
   Columbus, OH  43215-1026
   614.232.0175  T
   614.221.2484  F
   Pete.Blessing () wdpartners com