Snort mailing list archives

Re: Rule Order


From: "Allan Dover" <allan () redwoods ca>
Date: Fri, 2 May 2003 08:29:12 -0400

Hey Ron,

I am having the same problem as you.  As soon as I switched to pass alert
log, I am getting undefined icmp errors.  Interestingly enough these were
known icmp alerts L3retriever and so on.

I am still a piglet with snort (don't like using newbie).
Anyone have any other suggestions?

Allan Dover
Systems Administrator




----- Original Message -----
From: "Ron Shuck" <rshuck () Buchanan com>
To: <snort-users () lists sourceforge net>
Cc: <snort-devel () lists sourceforge net>
Sent: Thursday, May 01, 2003 3:33 PM
Subject: [Snort-users] Rule Order


Hi,

Has anyone else changed the rule order under 2.0?

When I upgraded to 2.0, I started having problems with ICMP alerts when
my rule order was set to 'pass alert log'. Actually, any setting other
than default caused problems. ICMP alerts happen, they just skip the
normal rule and trigger the "Undefined Code" rule.

TIA,

Ron Shuck, CISSP, GCIA - Managing Consultant
Buchanan Associates - A Technology Company in the People Business
http://www.buchanan.com
http://www.isc2.org
http://www.giac.org


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list


