Snort mailing list archives
RE: supress an IP address?
From: Larry Wichman <larrywichman () yahoo com>
Date: Thu, 28 Oct 2004 09:25:37 -0700 (PDT)
I dont think I was clear enough...I do not want to see any events from an IP address. --- "Bristol, Gary L." <gbristol () ou edu> wrote:
How about suppressing in the Threshold.conf a Class B or 1 ip or Two with a CIDR of 32 or 31. This works for me. suppress gen_id 1, sig_id 365, track by_src, ip 129.15.0.0/16 suppress gen_id 1, sig_id 384, track by_src, ip 129.15.0.0/16 suppress gen_id 1, sig_id 402, track by_src, ip 129.15.0.0/16 suppress gen_id 1, sig_id 469, track by_src, ip 129.15.3.67/32 suppress gen_id 1, sig_id 1411, track by_src, ip 129.15.10.77/31 suppress gen_id 1, sig_id 1419, track by_dst, ip 129.15.3.27/32 -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Larry Wichman Sent: Thursday, October 28, 2004 10:54 AM To: Snorty S Snortman Subject: [Snort-users] supress an IP address? It does not look like you can do this in the threshold.conf, but I would like to not see events from a couple of IP addresses. Does anyone know of a way to do this? Cheers, Larry __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
-------------------------------------------------------
This Newsletter Sponsored by: Macrovision For reliable Linux application installations, use the industry's leading setup authoring tool, InstallShield X. Learn more and evaluate today.
http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------
This Newsletter Sponsored by: Macrovision For reliable Linux application installations, use the industry's leading setup authoring tool, InstallShield X. Learn more and evaluate today.
http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
=====
Cheers,
Lawrence A. Wichman2719 W ThomasApt 2
Chicago
Il, 60622
773.807.7606
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
-------------------------------------------------------
This Newsletter Sponsored by: Macrovision
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate
today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- supress an IP address? Larry Wichman (Oct 28)
- RE: supress an IP address? Jeff Dell (Oct 28)
- <Possible follow-ups>
- RE: supress an IP address? Bristol, Gary L. (Oct 28)
- RE: supress an IP address? Larry Wichman (Oct 28)
- Re: supress an IP address? Jason (Oct 28)
- RE: supress an IP address? Larry Wichman (Oct 28)
- RE: supress an IP address? Shawn Kottke (Oct 28)
- RE: supress an IP address? Harper, Patrick (Oct 28)
- RE: supress an IP address? Esler, Joel - Contractor (Oct 28)