Snort mailing list archives
Excluding $HOME_NET -> $HOME_NET Alerts
From: Ed Kasky <ed () esson net>
Date: Sun, 19 May 2002 19:00:21 -0700
Is there a way to disable certain alerts from any home_net host to another home_net host? I back up my web server over the wire to a tape machine and get flooded with "Shellcode X86 Noop" alerts whenever I run it. I also get a lot of "WEB-MISC long basic authorization string" alerts using acid to view alerts in a mysql database.
I was under the impression that "alert ip $EXTERNAL_NET any -> $HOME_NET" took care of this.
From my snort.conf: var HOME_NET 10.0.0.0/24 I use 10.0.0.1 through 25 on the home_net. Any suggestions are greatly appreciated... Thanks in advance. Ed ~~ Ed Kasky Los Angeles, CA . . . . . . . . A professional is a person who can do his best at a time when he doesn't particularly feel like it. ~~ Alistair Cooke _______________________________________________________________ Hundreds of nodes, one monster rendering program. Now that's a super model! Visit http://clustering.foundries.sf.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Excluding $HOME_NET -> $HOME_NET Alerts Ed Kasky (May 19)
- Re: Excluding $HOME_NET -> $HOME_NET Alerts Michael Boman (May 19)
- Re: Excluding $HOME_NET -> $HOME_NET Alerts Ed Kasky (May 19)
- Re: Excluding $HOME_NET -> $HOME_NET Alerts Michael Boman (May 19)
- Re: Excluding $HOME_NET -> $HOME_NET Alerts Ed Kasky (May 20)
- Re: Excluding $HOME_NET -> $HOME_NET Alerts Michael Boman (May 20)
- Re: Excluding $HOME_NET -> $HOME_NET Alerts Ed Kasky (May 19)
- Re: Excluding $HOME_NET -> $HOME_NET Alerts Michael Boman (May 19)