Snort mailing list archives
Re: Network Variables
From: "Seth Dunn" <seth () d2ms com>
Date: Wed, 1 May 2013 06:43:24 -0400
Hey Michael, I will give that a try and see if that works. I have not tried that combination yet. @Jeff, Where are you seeing /16? Did I fat finger something? I am trying to filter out /24 (255.255.255.0) for both networks. -----Original Message----- From: Michael Green [mailto:Michael.Green () gbst com] Sent: Wednesday, May 01, 2013 12:07 AM To: Seth Dunn; waldo kitty; snort-users () lists sourceforge net Subject: RE: [Snort-users] Network Variables Try not net 10.10.0.0/24 and not net 10.30.0.0/24 -----Original Message----- From: Seth Dunn [mailto:seth () d2ms com] Sent: Wednesday, 1 May 2013 12:18 PM To: waldo kitty; snort-users () lists sourceforge net Subject: Re: [Snort-users] Network Variables My bpf file is ignore.bpf and has one line in it:: not net 10.10.0.0/24 || 10.30.0.0/24 I have also tried variations of that rule using ! instead of not... Using && instead of || I have also used the rule across two lines like not net 10.10.0.0/24 && not net 10.30.0.0/24 But that also did not work. I have the bpf file defined in my snort.conf file :: config bpf_file: D:\Snort\etc\ignore.bpf I also call it with the switch -F d:\snort\etc\ignore.bpf Still nothing. Traffic is not ignored/filtered out....snort still alerts on it. -----Original Message----- From: waldo kitty [mailto:wkitty42 () windstream net] Sent: Tuesday, April 30, 2013 9:47 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Network Variables On 4/30/2013 19:28, Seth Dunn wrote:
Right, and I set up the text file, and snort started and read the
file.
But it didn't filter out the traffic. And I have followed the examples I have seen creating the file, but it
is not working as expected.
please post the contents of the file and the command line you used to start snort... -- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------ ------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------ ------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and / or privileged material that may be governed by confidential information provisions contained in the agreement between GBST and your company. Any disclosure, copying, distribution, or other use without the express consent of the sender is prohibited. If you received this in error, please contact the sender and delete the material from any computer. All rights in the information transmitted, including copyright, are reserved. Nothing in this message should be interpreted as a digital signature that can be used to authenticate a document. No warranty is given by the sender that any attachments to this email are free from viruses or other defects. ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Network Variables Seth Dunn (Apr 29)
- Re: Network Variables Seth Dunn (Apr 30)
- Re: Network Variables Jeremy Hoel (Apr 30)
- Re: Network Variables Seth Dunn (Apr 30)
- Re: Network Variables Jeremy Hoel (Apr 30)
- Re: Network Variables Seth Dunn (Apr 30)
- Re: Network Variables waldo kitty (Apr 30)
- Re: Network Variables Seth Dunn (Apr 30)
- Re: Network Variables Michael Green (Apr 30)
- Re: Network Variables Seth Dunn (May 01)
- Re: Network Variables Seth Dunn (May 01)
- Re: Network Variables waldo kitty (May 01)
- Re: Network Variables Seth Dunn (May 01)
- Re: Network Variables waldo kitty (May 01)
- Re: Network Variables Russ Combs (May 01)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables James Lay (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables James Lay (May 02)
- Re: Network Variables Jeremy Hoel (Apr 30)
- Re: Network Variables Seth Dunn (Apr 30)