Snort mailing list archives
Exception to a rule pulled by pulledpork
From: Ilja Schumacher <ilja.schumacher () gmail com>
Date: Mon, 31 Mar 2014 08:58:56 +0200
Hello guys,

I have a Snort that is spamming me with SIP Attack alerts because I have an Asterisk and an external SIP trunk that uses SIP peering. Additionally, I have my firewall drop any SIP-port packets that do not come from the SIP trunk IP. (So pretty safe, but I do not want to disable the rule completely in case of my firewall failing. Not very likely, but still possible.)

How can I tell Snort that inbound SIP from that one specific IP is OK, while not modifying the rule from pulledpork, because it will overwrite it anyway in the next update? Or will it not?

Many thanks for your help in advance.

Cheers
Ilja