Snort mailing list archives

Excluding $HOME_NET -> $HOME_NET Alerts


From: Ed Kasky <ed () esson net>
Date: Sun, 19 May 2002 19:00:21 -0700

Is there a way to disable certain alerts from any home_net host to another home_net host? I back up my web server over the wire to a tape machine and get flooded with "Shellcode X86 Noop" alerts whenever I run it. I also get a lot of "WEB-MISC long basic authorization string" alerts using ACID to view alerts in a MySQL database.

I was under the impression that "alert ip $EXTERNAL_NET any -> $HOME_NET" took care of this.

From my snort.conf:
var HOME_NET 10.0.0.0/24

I use 10.0.0.1 through 25 on the home_net.

Any suggestions are greatly appreciated...

Thanks in advance.

Ed
~~
Ed Kasky
Los Angeles, CA
. . . . . . . .
A professional is a person who can do his best at a time when
he doesn't particularly feel like it.
        ~~ Alistair Cooke

