Snort mailing list archives

Exception to a rule pulled by pulledpork

From: Ilja Schumacher <ilja.schumacher () gmail com>
Date: Mon, 31 Mar 2014 08:58:56 +0200

Hello guys,

I have a snort that is spamming me with SIP Attack alerts because I have an
asterisk and an external SIP trunk that uses SIP peering. Additionally i
have my firewall drop any Sip-port Packets that do not come from the
siptrunk IP. (So pretty safe but i do not want to disable the rule
completely for the case of my firewall failing. Not very likely but still
possible)

How can i tell snort that inbound SIP from that one specific IP is ok while
not modifying the rule of pulledpork because it will overwrite it anyways
in next update. Or will it not?

Many thanks for your help in advance.

Cheers
Ilja

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Exception to a rule pulled by pulledpork Ilja Schumacher (Mar 31)
- Re: Exception to a rule pulled by pulledpork Jeremy Hoel (Mar 31)
- Re: Exception to a rule pulled by pulledpork waldo kitty (Mar 31)