Snort mailing list archives
RE: Snort pass rules failing
From: "Jerry Shenk" <jshenk () decommunications com>
Date: Thu, 13 May 2004 21:09:21 -0400
Ya know, when I posted this last message, I thought about the fact that this is the first time I've tried using the ENTIRE rule that hit instead of stripping out all the 'extra stuff'. After stripping that out, it seems like things are working as expected. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Matt Kettler Sent: Thursday, May 13, 2004 8:13 PM To: Jerry Shenk; snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort pass rules failing At 07:19 PM 5/13/2004, Jerry Shenk wrote:
I'm trying to get a new IDS box set up. I'm trying to set up a few specific pass rules for a box that does monitoring (ICMP and SNMP) and
a
router (ICMP redirects) and a web proxy server. None of them seem to
be
taking. I'm running version 2.1.1 (Build 25)
did you start snort with the -o parameter? ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem compiling MySQL Support into Snort Tony Howlett (Apr 14)
- spp_portscan2 issues Marlon . Richards (Apr 15)
- Re: spp_portscan2 issues Marlon . Richards (Apr 15)
- Urls accessed Laura (Apr 15)
- Message not available
- Re: spp_portscan2 issues Matt Kettler (Apr 15)
- Re: spp_portscan2 issues Marlon . Richards (Apr 15)
- spp_portscan2 issues Marlon . Richards (Apr 15)
- <Possible follow-ups>
- RE: Problem compiling MySQL Support into Snort Harper, Patrick (Apr 15)
- RE: Problem compiling MySQL Support into Snort Tony Howlett (May 13)
- Snort pass rules failing Jerry Shenk (May 13)
- Re: Snort pass rules failing Matt Kettler (May 13)
- RE: Snort pass rules failing Jerry Shenk (May 13)
- RE: Snort pass rules failing Jerry Shenk (May 13)
- RE: Problem compiling MySQL Support into Snort Tony Howlett (May 13)