Snort mailing list archives
Re: ignoring unwanted traffic comming from source
From: "Emre Yildirim" <emre () vsrc uab edu>
Date: Sat, 8 Dec 2001 20:58:07 -0600 (CST)
Emre: Do you have $HOME_NET set in any way?
I have:

var HOME_NET any
var EXTERNAL_NET any
What snort version/rule sets are you using?
I'm using the latest stable version (not development or CVS), and I'm using the default rule sets that came with the tarball.

include bad-traffic.rules
include exploit.rules
include scan.rules
include finger.rules
include ftp.rules
include smtp.rules
include rpc.rules
include rservices.rules
include dos.rules
include ddos.rules
include dns.rules
include tftp.rules
include web-cgi.rules
include web-misc.rules
include web-attacks.rules
include icmp.rules
include netbios.rules
include misc.rules
include attack-responses.rules
# include backdoor.rules
# include shellcode.rules
# include policy.rules
# include porn.rules
# include info.rules
# include icmp-info.rules
# include virus.rules
include local.rules
What command line? What (if any..) edits to snort.conf?
I didn't edit anything other than commenting out some rule sets. Was I supposed to supply an IP for $HOME_NET? I think I tried 12.34.56.78/24 instead of any before, but I can't remember if that solved the issue. All I really want is that snort only logs stuff GOING to 12.34.56.78, not COMING from, i.e. where 12.34.56.78 is the destination.

(PS I'm not really using 12.34.56.78, but my real IP which is different :-)
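
Added example, not part of the original post or of Snort itself: a simplified Python model of how a one-way rule header of the form `$EXTERNAL_NET any -> $HOME_NET any` is matched, showing why `HOME_NET any` / `EXTERNAL_NET any` alerts on traffic in both directions while a scoped `HOME_NET` leaves only traffic destined to the host. The helper names, the `/32` and `!$HOME_NET` values, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

def expand(value, variables):
    """Resolve a $VAR reference, carrying a leading '!' through as negation."""
    negate = value.startswith("!")
    value = value.lstrip("!")
    if value.startswith("$"):
        inner_negate, value = expand(variables[value[1:]], variables)
        negate ^= inner_negate
    return negate, value

def addr_matches(spec, ip, variables):
    """True if ip satisfies an address spec such as 'any', a CIDR, or '!$VAR'."""
    negate, value = expand(spec, variables)
    if value == "any":
        hit = True
    else:
        # strict=False lets 12.34.56.78/24 be read as the 12.34.56.0/24 network
        hit = ipaddress.ip_address(ip) in ipaddress.ip_network(value, strict=False)
    return hit != negate

def header_matches(rule_src, rule_dst, pkt_src, pkt_dst, variables):
    """True if a one-way rule 'rule_src any -> rule_dst any' covers the packet."""
    return (addr_matches(rule_src, pkt_src, variables)
            and addr_matches(rule_dst, pkt_dst, variables))

# Constructed sample packets (src, dst); 12.34.56.78 is the post's stand-in IP.
INBOUND = ("198.51.100.7", "12.34.56.78")
OUTBOUND = ("12.34.56.78", "198.51.100.7")

AS_POSTED = {"HOME_NET": "any", "EXTERNAL_NET": "any"}
SCOPED = {"HOME_NET": "12.34.56.78/32", "EXTERNAL_NET": "!$HOME_NET"}  # assumed fix

def alerts(variables):
    """Which sample packets a '$EXTERNAL_NET any -> $HOME_NET any' rule matches."""
    samples = (("inbound", INBOUND), ("outbound", OUTBOUND))
    return [name for name, (src, dst) in samples
            if header_matches("$EXTERNAL_NET", "$HOME_NET", src, dst, variables)]

if __name__ == "__main__":
    print("as posted:", alerts(AS_POSTED))
    print("scoped:   ", alerts(SCOPED))
```

Rules written in the opposite direction (`$HOME_NET ... -> $EXTERNAL_NET ...`) still match outbound traffic by design; the model covers only the inbound-style header.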