Snort mailing list archives
Re: Portscan2...
From: Alberto Gonzalez <albertg () wwjh net>
Date: Sat, 22 Mar 2003 15:14:05 -0500 (EST)
On Sat, 22 Mar 2003, Tobias Rice wrote:

> Erek-
>
> Thanks for the tips, I'll try the ignore options and see if it works for me. But I'm a little confused about the BPF filters, the man page is a little vague. Currently, I'm running snort like so:
>
>   /usr/sbin/snort-mysql+flexresp -o -i eth0 -c /etc/snort/snort.conf
>
> So would it now be: (after creating the file scan.bpf)
>
>   /usr/sbin/snort-mysql+flexresp -o -i eth0 -c /etc/snort/snort.conf -F bpf_file: /etc/snort/scan.bpf
>
> And the file scan.bpf would contain this:
>
>   not host 111.222.333.444 and not port (53 or 5060)
>
> Thanks again!

What you can do is the following:

  /usr/sbin/snort -o -i eth0 -c /etc/snort/snort.conf -F /etc/snort/scan.bpf

[... OR ...]

  /usr/sbin/snort -o -i eth0 -c /etc/snort/snort.conf 'not host 111.222.333.444 && not port (53 or 5060)'

Either way, it should work.

Cheers!

Alberto Gonzalez

--
"Success comes to the person who does today, what you are thinking of doing tomorrow."
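Added example, not part of the original message: a small shell helper that generates the contents of a filter file such as scan.bpf from a list of hosts and ports, rejecting malformed values before Snort ever reads them. The function names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration; the thread's 111.222.333.444 is a placeholder and fails the address check here.

```shell
#!/bin/sh
# Added example: build a BPF exclusion expression for use with "snort -F <file>".
# All function names and sample values are assumptions made for this example.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_port N: succeed only for a decimal port number in 1-65535.
is_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_bpf "HOST ..." "PORT ...": print "not host A and ... and not port (P or Q)".
build_bpf() {
    filter=""
    ports=""
    for h in $1; do
        is_ipv4 "$h" || { echo "bad host: $h" >&2; return 1; }
        filter="${filter:+$filter and }not host $h"
    done
    for p in $2; do
        is_port "$p" || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports or }$p"
    done
    if [ -n "$ports" ]; then
        filter="${filter:+$filter and }not port ($ports)"
    fi
    [ -n "$filter" ] || { echo "empty filter" >&2; return 1; }
    printf '%s\n' "$filter"
}

# Constructed sample: one host plus the two ports from the thread.
build_bpf "192.0.2.10" "53 5060"
```

Redirect the output to the file passed to -F (for example /etc/snort/scan.bpf). Traffic excluded this way never reaches Snort at all, so no rule or preprocessor will see it.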