Snort mailing list archives

Re: How to Ignore certain alerts


From: Joel Esler <jesler () sourcefire com>
Date: Fri, 18 Sep 2009 18:43:19 -0400

Check out "suppression" in the Snort manual.

J

On Friday, September 18, 2009, Daniel Qian <daniel.qian () supracanada com> wrote:
I am having nearly 10000 Microsoft SQL server related alerts produced by
Snort for our /23 network block. But most of our systems are not even
Microsoft. I am trying to make Snort send these alerts for only a couple
servers. So I have tried putting

var SQL_SERVERS [x.x.x.x/32,y.y.y.y/32]

in snort.conf but it doesn't do anything for me. What is the best approach to
achieve that result?

Two links about the alerts copied from Barnyard2:

http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx

http://vil.nai.com/vil/content/v_99992.htm


Thanks,
Daniel


------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

