From: Brian Carpio (carb02csgsystems.com)
Date: Thu Jun 07 2001 - 16:53:12 CDT


    I have created a rule in my local.rules file (which is included in the
    snort.conf file, and all the rules in that file work but one).

    I have a monitor server which snort records as

    Jun 7 15:50:54 prod-backup snort[3682]: [ID 244969 auth.alert] ICMP Echo
    Request *NIX: 205.144.151.100 -> 205.144.151.83

    that's from /var/adm/messages

    I have created a rule

    pass 205.144.151.100/32 any -> 205.144.151.83/32 any

    but messages are still getting recorded in /var/adm/messages from ICMP
    requests from this box. What's wrong with my rule? Does the order of
    rules in the snort.conf file regulate this? Which takes precedence, a pass
    rule or an alert rule?

    Brian Carpio
