Snort mailing list archives
Re: disabling rule groups based on host groups/subnets
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 5 Apr 2011 12:14:05 -0400
Sounds like you are trying to solve a problem in an inappropriate manner. Can you provide an example? J On Tue, Apr 5, 2011 at 11:19 AM, Youngquist, Jason R. <jryoungquist () ccis edu
wrote:
I was wondering if there was any way to disable rule groups based on host groups or IP subnets? Ie. with pulledpork and the disablesid.conf file, I can disable rule groups such as "shellcode", "web-iis" etc. globally. With the threshold.conf, I can disable one individual rule for multiple IPs or subnets. What I would like to be able to do is disable rule group(s) based on host groups or IP subnets. Is there any way to do this besides maintaining two instances of snort? Thanks. Jason Youngquist Information Technology Security Engineer Technology Services Columbia College 1001 Rogers Street, Columbia, MO 65216 (573) 875-7334 jryoungquist () ccis edu http://www.ccis.edu ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net Twitter: http://twitter.com/snort
------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort-users Digest, Vol 58, Issue 73 Randal T. Rioux (Apr 02)
- <Possible follow-ups>
- Re: Snort-users Digest, Vol 58, Issue 73 Martin Holste (Apr 02)
- disabling rule groups based on host groups/subnets Youngquist, Jason R. (Apr 05)
- Re: disabling rule groups based on host groups/subnets Joel Esler (Apr 05)
- Re: disabling rule groups based on host groups/subnets Edward Fjellskål (Apr 05)
- disabling rule groups based on host groups/subnets Youngquist, Jason R. (Apr 05)