Snort mailing list archives
Ignoring certain hosts
From: storm <storm-shadow () comcast net>
Date: Sun, 02 Jun 2002 18:15:49 -0400
Keep getting hit with broadcasts from my ISP. So I would like to not see these in the alerts anymore. And, sometimes when a user accesses our file server (legit user), snort reports: [1:2102:1] NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt [**]. Would like to ignore all internal traffic and broadcasts from ISP. In the faqs, it said to write pass rules and add the hosts to the portscan-ignorehosts list . Then to call snort with the -o option to activate the pass rules. Can anyone elaborate on this? TIA storm
Current thread:
- Ignoring certain hosts storm (Jun 01)
- Re: Ignoring certain hosts Erek Adams (Jun 02)