Re: [Snort-sigs] problems setting flags

From: <studentmm08.pool-id(at)daimlerchrysler.com>
Date: Mon Aug 25 2003 - 03:33:07 EDT

>>all works fine, but all packages with ACK and SYN flags triggers off the

i think, that says the -o flag is allready set. if not, all packages would be
triggerd.

the solution for my problem must be another one.

>You need to change your rule ordering either with the -o command line
>switch, or with the "config order" directive in the configuration file:
>
> config order: pass alert dynamic activation log
>
>Otherwise, the alert rules are processed before the pass rules. But be
>*VERY* careful when you do this -- or you could bypass all of your
>detection rules in one fell swoop...
>
>studentmm08.pool-id@daimlerchrysler.com wrote:
>
>>pass tcp $LAN any -> $PROXY 80
http://www.vmware.com/wl/offer/358/0
>>_______________________________________________

This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Mon Aug 25 13:36:40 2003

This message: [ Message body ]
Next message: Jacob Roberts: "[Snort-sigs] Limiting Alert Rates? Newbie"
Previous message: Jon Hart: "Re: [Snort-sigs] change to sid 2189 (PIM) to account for MCAST-NET"
In reply to studentmm08.pool-id(at)daimlerchrysler.com: "[Snort-sigs] problems setting flags"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:34 EDT