Snort mailing list archives
Snort (inline) is it possible to add a whitelist ip to a rule ?
From: "Morgan Cox" <morgancoxuk () gmail com>
Date: Fri, 10 Oct 2008 22:49:00 +0100
Hi. I want to know if it is possible to add a whitelist ip address to a rule. I.e :- drop tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SQL generic sql update injection attempt"; flow:established,to_server; content:"update"; nocase; pcre:"/update[^\n]*set/i"; metadata:policy security-ips drop, service http; reference:url, www.securiteam.com/securityreviews/5DP0N1P76E.html; classtype:web-application-attack; sid:13514; rev:3;) - is it possible to add an destination IP that the rule will not apply I am using snort inline Cheers?
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort (inline) is it possible to add a whitelist ip to a rule ? Morgan Cox (Oct 10)