Snort mailing list archives
alert refused to pass
From: Jasmine CHUA <Jasmine.Chua () internationalsos com>
Date: Fri, 27 Feb 2004 17:41:49 +0800
Hi all,

I have a problem here and hope someone can help me see some light. I have a pass rule that goes:

pass tcp $INTRA_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /doc/ access"; flow:to_server,established; uricontent:"/doc/"; nocase; reference:cve,CVE-1999-0678; reference:bugtraq,318; classtype:web-application-activity;sid:1000026;rev:1;)

However, I am still seeing traffic and the rule does not work.

My snort.conf:

var INTRA_NET [x.x.x.x/x]
var HTTP_SERVERS [y.y.y.y/y]

And, I did include a "-o" when running snort.

What am I missing here.. :(

Jas