Snort mailing list archives
pass rule not working
From: Bill Essig <billessig () gmail com>
Date: Sat, 11 Feb 2006 23:00:10 -0800
Yes, I read the FAQ. I hope none of you have to drink too much after my question. I have the following in my snort.conf file: -- pass tcp 192.168.1.100 any -> 192.168.1.99 80 -- So, I just decide to ask for /usr/bin/cc in my URL: http://192.168.1.99/index.php?arg=/usr/bin/cc I thought due to my rule, this would not be logged or alerted. (fast alerts) So I cat my alert log, and get: -- 02/11-22:53:13.287208 [**] [1:1343:5] WEB-ATTACKS /usr/bin/cc command attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.100:2123 -> 192.168.1.99:80 -- It was my understanding that this was not to show up. Any clues? ~William
Current thread:
- pass rule not working Bill Essig (Feb 11)
- Re: pass rule not working Bill Essig (Feb 11)