9.4 Pass Rules

   

When compared to the new suppression rules, pass rules are a clumsy and lumbering way to address the need to ignore alerts from certain hosts, networks, or rules. A poorly written pass rule can cause all signatures to be passed, making the Snort sensor useless. For example, if a pass rule is written to ignore alerts for a range of network addresses on TCP port 23, actual attacks may go unnoticed. Thresholding and suppression rules should be used instead of pass rules.
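The contrast described above, as an added configuration example that is not from the book: a header-only pass rule next to the narrower suppression and threshold entries. It assumes Snort 2.x rule and `threshold.conf` syntax; the address range `192.0.2.0/24` and the SIDs `1000001` and `1000002` are constructed placeholders.

```conf
# --- local.rules: the kind of pass rule the text warns about (constructed) ---
# The rule matches on the header alone, so traffic from 192.0.2.0/24 to
# TCP port 23 is ignored regardless of payload. An actual attack over
# telnet from that range produces no alert.
pass tcp 192.0.2.0/24 any -> any 23 (msg:"LOCAL ignore admin telnet"; sid:1000001; rev:1;)

# --- threshold.conf: narrower alternatives ---
# Suppress one noisy signature (gen_id 1, sig_id 1000002 is a placeholder)
# only when the source is in the admin range. Every other signature still
# alerts on traffic from those hosts.
suppress gen_id 1, sig_id 1000002, track by_src, ip 192.0.2.0/24

# Or keep the alert but rate-limit it instead of hiding it:
# at most one alert per source address in any 60-second window.
threshold gen_id 1, sig_id 1000002, type limit, track by_src, count 1, seconds 60
```

The suppression entry is scoped to a single generator and signature ID, so a mistake in it hides one alert rather than a whole class of traffic.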



Managing Security With Snort and IDS Tools
ISBN: 0596006616
Year: 2006
Pages: 136
