Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Ignore some ip's

From: LaraCroft <laracroft () zaralinux com>
Date: Wed, 27 Jun 2001 10:06:51 +0200
Hello:

I have installed a snort in a linux-firewall, my network is:

internet -> firewalll & snort -> internet servers
In my snort log appears many entries of source conexions from my internet servers. I don't want this, i want that snort ignore the conexions from my internet servers to another sites. 

How can i do this? i have put this in my snort.conf:

var DNS_SERVERS [ip_primary_dns_server/32,ip_secundary_dns_server/32]

preprocessor portscan-ignorehosts: $DNS_SERVERS

but in my snort log there is already many entries from dns_servers.

any ideas?

LaraCroft


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: