
Re: [firestorm053] pb with rules : BAD TRAFFIC loopback traffic ...



No, I do not use the default ruleset,

but this rule and the bad-traffic.rules file are not modified.

I will look into why later...

Sorry for the false problem.

Regards.



Gianni Tedesco wrote:

> On Sat, 2003-06-21 at 09:44, rmkml wrote:
> > Hi,
> >
> > look at this rule:
> >
> > /xxx/snort-rules/bad-traffic.rules:alert ip any any <> 127.0.0.0/8 any
> > (msg:"BAD TRAFFIC loopback traffic"; classtype:bad-unknown;
> > reference:url,rr.sans.org/firewall/egress.php; sid:528; rev:3;)
> >
> > and read the tcpdump file (attached):
> > 09:06:41.970786 24.78.142.0.3509 > 81.51.107.191.4662: S [tcp sum ok]
> > 45356840:45356840(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) (ttl 113,
> > id 28847, len 48)
>
> I cannot reproduce this. When I run it I get no alerts...
>
> Are you using the default ruleset as ships with Firestorm?
>
> --
> // Gianni Tedesco (gianni at scaramanga dot co dot uk)
> lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
> 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
>
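Added example, not part of the original thread or of Firestorm's code: a check of whether the tcpdump packet quoted above can satisfy the header of the quoted sid:528 rule. The parsers are simplified assumptions that handle only the forms quoted in the message (`any`, a single CIDR, `<>` or `->`), and all function names are hypothetical.

```python
import ipaddress
import re

# Both inputs are copied from the quoted message (wrapped lines joined).
RULE = ('alert ip any any <> 127.0.0.0/8 any (msg:"BAD TRAFFIC loopback traffic"; '
        'classtype:bad-unknown; reference:url,rr.sans.org/firewall/egress.php; '
        'sid:528; rev:3;)')
PACKET = ('09:06:41.970786 24.78.142.0.3509 > 81.51.107.191.4662: S [tcp sum ok] '
          '45356840:45356840(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) '
          '(ttl 113, id 28847, len 48)')

def parse_rule_header(rule):
    """Split 'action proto src sport dir dst dport (options)' into a dict."""
    header = rule.split("(", 1)[0].split()
    if len(header) != 7:
        raise ValueError("unexpected rule header: %r" % header)
    keys = ("action", "proto", "src", "sport", "dir", "dst", "dport")
    return dict(zip(keys, header))

def parse_tcpdump_line(line):
    """Extract (src_ip, src_port, dst_ip, dst_port) from a tcpdump IPv4 line."""
    m = re.search(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):", line)
    if not m:
        raise ValueError("no IPv4 address pair found")
    return m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def addr_matches(spec, ip):
    """Simplified: supports only 'any' or a single address/CIDR."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def port_matches(spec, port):
    """Simplified: supports only 'any' or a single port number."""
    return spec == "any" or int(spec) == port

def header_matches(rule, line):
    """True if the packet satisfies the rule header; '<>' is tried both ways."""
    # The 'ip' protocol keyword covers every IP packet, so it is not checked here.
    h = parse_rule_header(rule)
    sip, sport, dip, dport = parse_tcpdump_line(line)
    def one_way(a_ip, a_port, b_ip, b_port):
        return (addr_matches(h["src"], a_ip) and port_matches(h["sport"], a_port)
                and addr_matches(h["dst"], b_ip) and port_matches(h["dport"], b_port))
    forward = one_way(sip, sport, dip, dport)
    reverse = h["dir"] == "<>" and one_way(dip, dport, sip, sport)
    return forward or reverse
```

`header_matches(RULE, PACKET)` returns `False`: neither 24.78.142.0 nor 81.51.107.191 falls in 127.0.0.0/8, so the rule as quoted should not fire on this packet.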