Snort mailing list archives

RE: Ignoring all traffic from a certain network

From: "Wirth, Jeff" <WirthJe () DNB com>
Date: Mon, 15 Apr 2002 13:45:04 -0400

Stephen,


Is there a way to have Snort and all of it's rules ignore all 
traffic from 
a specific /24?  Like a global portscan-ignorehosts directive 
that affects 
everything, not just port scans?  I get a lot of false 
positives in the 
rules from my HOME_NET that I'd like to take out, if 
possible... thanks 
everyone.


You might try...

<snort.conf>
var EXTERNAL_NET = !HOME_NET

or

<snort command line w/ BPF filter>
snort <options> not src net X.X.X.X             # see snort man page for
more info..


- Jeff



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Ignoring all traffic from a certain network Stephen C Burns (Apr 15)
- Re: Ignoring all traffic from a certain network Erek Adams (Apr 15)
- <Possible follow-ups>
- RE: Ignoring all traffic from a certain network Wirth, Jeff (Apr 15)
- Re: Ignoring all traffic from a certain network piotr . bulczak (Apr 15)
- Ignoring all traffic from a certain network Stephen C Burns (Apr 15)
- RE: Ignoring all traffic from a certain network Tom Sevy (Apr 15)