
Snort Forums Archive


Pass rules not working


Posted by jbrownlee on May 03, 2005 08:58:39

I have an SNMP monitor that checks my Internet router. I made a rule with the following line in it:

pass udp $HOME_NET any -> any 161 (msg:"Outbound SNMP is OK";)

I put this rule file at the top of the list in my snort.conf file, but it is still being picked up by the snmp.rules file. If I # out this line:

alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP request udp"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1417; rev:9;)

it works, but shouldn't the pass make it not process that packet further?

Thanks

Posted by jbrownlee on May 03, 2005 09:00:10

Note that my $EXTERNAL_NET and $HOME_NET are still both set to "any".

Posted by jbrownlee on May 03, 2005 09:31:09

I found it. Had to start Snort with the -o option.
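The behaviour in this thread, as an added example that is not part of the original posts and is not Snort's own code: a simplified Python model of rule-action ordering, in which the first matching rule decides and the action lists are walked alert, pass, log by default or pass, alert, log with -o. The packet, its addresses and the helper names are constructed for illustration.

```python
import re

# Rule headers copied from the thread (alert rule's reference/classtype options trimmed).
RULES = [
    'pass udp $HOME_NET any -> any 161 (msg:"Outbound SNMP is OK";)',
    'alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP request udp"; sid:1417; rev:9;)',
]
# Both variables are "any", as stated in the second post.
VARS = {"$HOME_NET": "any", "$EXTERNAL_NET": "any"}

DEFAULT_ORDER = ["alert", "pass", "log"]  # evaluation order without -o
DASH_O_ORDER = ["pass", "alert", "log"]   # evaluation order with -o

HEADER = re.compile(r'(\w+) (\w+) (\S+) (\S+) -> (\S+) (\S+) \(msg:"([^"]*)"')
FIELDS = ("src", "sport", "dst", "dport")

def parse(rule):
    """Split a rule into action, protocol, endpoints and msg; expand variables."""
    action, proto, src, sport, dst, dport, msg = HEADER.match(rule).groups()
    return {"action": action, "proto": proto, "msg": msg,
            "src": VARS.get(src, src), "sport": sport,
            "dst": VARS.get(dst, dst), "dport": dport}

def matches(rule, pkt):
    """Assumption: a field matches if it is 'any' or equals the literal (no CIDR)."""
    if rule["proto"] != pkt["proto"]:
        return False
    return all(rule[f] in ("any", str(pkt[f])) for f in FIELDS)

def evaluate(rules, pkt, order):
    """Walk the per-action lists in `order`; the first matching rule decides."""
    for action in order:
        for rule in rules:  # file order only matters inside one action list
            if rule["action"] == action and matches(rule, pkt):
                return action, rule["msg"]
    return None, None

PARSED = [parse(r) for r in RULES]
# Constructed packet: SNMP poll from the monitor to the router (documentation IPs).
PKT = {"proto": "udp", "src": "192.0.2.10", "sport": 40000,
       "dst": "192.0.2.1", "dport": 161}

if __name__ == "__main__":
    print("default order:", evaluate(PARSED, PKT, DEFAULT_ORDER))
    print("with -o      :", evaluate(PARSED, PKT, DASH_O_ORDER))
```

Because both variables are "any", the poll matches both rules, so the position of the rule file in snort.conf does not change which action list is consulted first.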