Snort mailing list archives
ignore a single host
From: "isp" <isp () bnjcomp com>
Date: Sun, 21 Nov 2004 03:44:28 -0600
Can't quit figure out how to ignore a single computer. I have a computer which continuously gets following alert. It is because it is making lots of SNMP requests which is what it is suppose to do. How do I get snort to ignore a single host like this or just ignore this particular alert? thanks terry [**] [1:1417:9] SNMP request udp [**] [Classification: Attempted Information Leak] [Priority: 2] 11/21-03:37:59.626234 12.170.222.13:53965 -> 12.170.222.148:161 UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:118 DF Len: 90 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012 http://www.securityfocus.com/bid/4132] http://www.securityfocus.com/bid/4089] http://www.securityfocus.com/bid/4088] ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ignore a single host isp (Nov 22)
- Re: ignore a single host Matt Kettler (Nov 22)
- Re: ignore a single host Alex Butcher, ISC/ISYS (Nov 23)
- <Possible follow-ups>
- RE: ignore a single host Keith Pachulski (Nov 22)
- RE: ignore a single host Shnitko, Maxim {PBG} (Nov 22)
- RE: ignore a single host Shnitko, Maxim {PBG} (Nov 23)
- Re: ignore a single host Matt Kettler (Nov 22)