LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-04-2007, 08:17 AM   #1
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 474

Rep: Reputation: 30
snort rules header - action


Hi there,
In the snort manual it is stated:
Code:
 As a precaution, keep in mind that Snort versions 1.x and 2.x apply rules in 
different ways. In Snort 1.x, if multiple rules match a given packet, only the first one is 
applied. After applying the first rule, no further action is taken on the packet. However in 
Snort version 2, all rules are applied before generating an alert message. The most severe
 alert message is then generated.
It snort2 applies all rules (not just the first that matches against a packet) what is the purpose of pass action. If I pass a packet, it will be caught by a second rule, right?


Please help me clarify this issue.

Thanks
 
Old 12-05-2007, 05:11 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
As I read it it's just for generating alerts, not the final decision to pass. Of course I may be wrong. In any case your question should be answered real quickly on the snort-users list. If you get an explanation there I'd appreciate it if you post the details here.
 
Old 12-06-2007, 03:13 AM   #3
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 474

Original Poster
Rep: Reputation: 30
Hi,
Thanks for your answer.
If I find a detailed answer I'll post it here
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to write two snort detection rules to alert on packets to those rules romafiel *BSD 0 06-08-2007 08:00 PM
free snort rules? true_atlantis Linux - Security 3 04-14-2006 02:12 PM
Snort, Rules Tredo Linux - Security 1 12-20-2004 01:36 AM
updating snort rules zuessh Linux - Security 2 11-26-2003 02:11 PM
Snort Rules Canadian_2k2 Linux - Security 5 11-01-2002 11:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration