Snort mailing list archives
disabling rule groups based on host groups/subnets
From: "Youngquist, Jason R." <jryoungquist () ccis edu>
Date: Tue, 5 Apr 2011 15:19:28 +0000
I was wondering if there was any way to disable rule groups based on host groups or IP subnets? Ie. with pulledpork and the disablesid.conf file, I can disable rule groups such as "shellcode", "web-iis" etc. globally. With the threshold.conf, I can disable one individual rule for multiple IPs or subnets. What I would like to be able to do is disable rule group(s) based on host groups or IP subnets. Is there any way to do this besides maintaining two instances of snort? Thanks. Jason Youngquist Information Technology Security Engineer Technology Services Columbia College 1001 Rogers Street, Columbia, MO 65216 (573) 875-7334 jryoungquist () ccis edu http://www.ccis.edu ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort-users Digest, Vol 58, Issue 73 Randal T. Rioux (Apr 02)
- <Possible follow-ups>
- Re: Snort-users Digest, Vol 58, Issue 73 Martin Holste (Apr 02)
- disabling rule groups based on host groups/subnets Youngquist, Jason R. (Apr 05)
- Re: disabling rule groups based on host groups/subnets Joel Esler (Apr 05)
- Re: disabling rule groups based on host groups/subnets Edward Fjellskål (Apr 05)
- disabling rule groups based on host groups/subnets Youngquist, Jason R. (Apr 05)