Snort mailing list archives
RE: HOWTO Ignore specific IP addresses
From: "Steven Rudolph" <srudolph () iocenter net>
Date: Tue, 13 May 2003 17:03:38 -0400
Add this line to the end of your snort startup script:

'not src host aaa.bbb.ccc.ddd && not src host aaa.bbb.ccc.ddd && not src host aaa.bbb.ccc.ddd && not src host aaa.bbb.ccc.ddd'

This works for me.

Steve

-----Original Message-----
From: Michael Parkinson [mailto:michael () intellnet net uk]
Sent: Tuesday, May 13, 2003 12:39 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] HOWTO Ignore specific IP addresses

Hi All,

OK slowly going brain dead here.

Current set-up is two web servers attached to a SNAZ NFS server. When I kick Snort into action it works fine BUT I get literally hundreds of false positives:

BAD TRAFFIC bad frag bits
MISC Large UDP Packet

A simple solution is to tell Snort to ignore this server completely....Simply put how do I get Snort to ignore this machine completely?

All help appreciated.

With thanks
Mike

====================================================
http://www.ishop.co.uk/
Build on-line. Buy online. The only UK based complete e-commerce package.
====================================================
Michael Parkinson BSc.(Hons)
Technical Director
Intellnet Limited
5 Priors
London Road
Bishops Stortford
Herts CM23 5ED
====================================================
Phone  : 01279 602800
DDI    : 01279 602805
Fax    : 01279 600815
Mobile : 07770 380511
ICQ No.: 47666166
E-mail : michael () intellnet net uk
         michael () parkinson co uk
URL    : http://www.intellnet.net.uk/
         http://www.ishop.co.uk/
====================================================
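The filter in the reply above is a BPF expression, so Snort never sees the excluded packets and no rule can fire on them. As an added example (not part of the original posts), this shell helper builds that expression from a list of addresses for a startup script, rejecting anything that is not a plain IPv4 address so the exclusion cannot widen by accident. The `any` mode goes beyond the post: it uses `not host`, which drops traffic in both directions, where `not src host` leaves packets sent to the server inspected. Function names, addresses, config path and interface are assumptions.

```shell
#!/bin/sh
# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_ignore_filter MODE ADDR...
#   MODE=src -> "not src host A && not src host B"  (form used in the post)
#   MODE=any -> "not host A && not host B"          (both directions)
build_ignore_filter() {
    mode=$1
    [ "$#" -gt 0 ] && shift
    case "$mode" in
        src) term="not src host" ;;
        any) term="not host" ;;
        *)   echo "mode must be src or any" >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no addresses given" >&2; return 2; }
    filter=""
    for addr in "$@"; do
        if ! valid_ipv4 "$addr"; then
            echo "rejecting invalid address: $addr" >&2
            return 1
        fi
        filter="${filter:+$filter && }$term $addr"
    done
    printf '%s\n' "$filter"
}

# Constructed sample addresses (documentation range), printed for inspection.
build_ignore_filter src 192.0.2.10 192.0.2.11

# In a startup script (config path and interface are assumptions):
#   FILTER=$(build_ignore_filter src 192.0.2.10 192.0.2.11) || exit 1
#   exec snort -c /etc/snort/snort.conf -i eth0 "$FILTER"
```

Because the script exits when the filter cannot be built, a typo in the address list stops Snort from starting instead of silently changing what it inspects.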
Current thread:
- HOWTO Ignore specific IP addresses Michael Parkinson (May 13)
- Re: HOWTO Ignore specific IP addresses Demetri Mouratis (May 13)
- Re: HOWTO Ignore specific IP addresses Edin Dizdarevic (May 13)
- Re: HOWTO Ignore specific IP addresses Dragos Ruiu (May 13)
- <Possible follow-ups>
- RE: HOWTO Ignore specific IP addresses Steven Rudolph (May 13)