Snort mailing list archives
Re: what is the command line to use ignore.rules - pass ip
From: hernani coelho <hernani_coelho () msn com>
Date: Fri, 22 Jan 2016 14:22:59 +0000
Alerts are in dst ip 0.0.0.0 or source src 64.4.8.0 or src 64.4.8.1

On 22-01-2016 13:54, Al Lewis (allewi) wrote:
> Can you provide a pcap of the traffic you are having problems with?

In Snort, download in pcap format, shows nothing

> Have you tried suppressing the IPs you don't want?

I have tried this --->
suppress gen_id 1, sig_id 1852, track by_src, ip 0.0.0.0
suppress gen_id 1, sig_id 1852, track by_src, ip 64.4.8.0
suppress gen_id 1, sig_id 1852, track by_src, ip 64.4.8.1
suppress gen_id 1, sig_id 1852, track by_dst, ip 0.0.0.0

> Do you have your home_net setup correctly?

ipvar HOME_NET [192.168.1.66/24]
> Albert Lewis
> QA Software Engineer
> SOURCEfire, Inc. now part of Cisco
> 9780 Patuxent Woods Drive
> Columbia, MD 21046
> Phone: (office) 443.430.7112
> Email: allewi () cisco com
>
> -----Original Message-----
> From: hernani coelho [mailto:hernani_coelho () msn com]
> Sent: Friday, January 22, 2016 8:45 AM
> To: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] what is the command line to use ignore.rules - pass ip
>
> If I put in command line this --->
> /usr/local/bin/snort -q -u snort -g snort -O /etc/snort/rules/ignore.rules -c /etc/snort/snort.conf -i wlan0
> Snort does not work
>
> On 22-01-2016 13:30, hernani coelho wrote:
> > Hello,
> > I have this command line --->
> > /usr/local/bin/snort -q -u snort -g snort -O -c /etc/snort/snort.conf -i wlan0
> > to work with rule pass ip on file /etc/snort/rules/ignore.rules
> > I have put in file this -->
> > pass ip 64.4.8.0 any -> any any (msg:"Ignore this host";sid:1000001;rev:1;)
> > pass ip 64.4.8.1 any -> any any (msg:"Ignore this host";sid:1000001;rev:1;)
> > pass ip 0.0.0.0 any -> any any (msg:"Ignore this host";sid:1000001;rev:1;)
> > Is this correct?? Snort shows the IPs in the same way. Can someone help me??
> > I tried a BPF file but it did not work; the IP 0.0.0.0 is shown anyway.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
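
Added example (not part of the thread and not Snort project code): a small Python check run over a constructed copy of the ignore.rules quoted above. It reports repeated sid values and tests whether a packet's source and destination fall under a pass rule header, given that `->` matches in one direction only. Only literal addresses, CIDR and `any` are handled, and the function names are made up for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed copy of the ignore.rules content quoted in the thread.
IGNORE_RULES = '''\
pass ip 64.4.8.0 any -> any any (msg:"Ignore this host";sid:1000001;rev:1;)
pass ip 64.4.8.1 any -> any any (msg:"Ignore this host";sid:1000001;rev:1;)
pass ip 0.0.0.0 any -> any any (msg:"Ignore this host";sid:1000001;rev:1;)
'''

# action proto src_ip src_port direction dst_ip dst_port (options)
HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+\S+\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+\S+\s+\((?P<opts>.*)\)\s*$')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def parse_rules(text):
    """Return one dict per rule line; blank lines and # comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = HEADER.match(line)
        if not m:
            raise ValueError('unparsed rule: ' + line)
        rule = m.groupdict()
        sid = SID.search(rule['opts'])
        rule['sid'] = int(sid.group(1)) if sid else None
        rules.append(rule)
    return rules

def duplicate_sids(rules):
    """sid is meant to identify one rule; list every value used more than once."""
    counts = Counter(r['sid'] for r in rules)
    return sorted(s for s, n in counts.items() if n > 1)

def _addr_match(spec, ip):
    """Literal address, CIDR or 'any' (assumption: no variables or lists)."""
    return spec == 'any' or (
        ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False))

def passed(rules, src, dst):
    """True if some pass rule header matches a packet going src -> dst."""
    for r in (r for r in rules if r['action'] == 'pass'):
        fwd = _addr_match(r['src'], src) and _addr_match(r['dst'], dst)
        rev = (r['dir'] == '<>' and _addr_match(r['src'], dst)
               and _addr_match(r['dst'], src))
        if fwd or rev:
            return True
    return False
```

With the rules as posted, a packet from 64.4.8.0 matches a pass header, while a packet whose destination is 0.0.0.0 does not, because 0.0.0.0 appears only on the source side of `->`.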
Current thread:
- what is the command line to use ignore.rules - pass ip hernani coelho (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip hernani coelho (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip Al Lewis (allewi) (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip hernani coelho (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip Al Lewis (allewi) (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip hernani coelho (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip hernani coelho (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip hernani coelho (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip Al Lewis (allewi) (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip Al Lewis (allewi) (Jan 22)
- Message not available
- Re: what is the command line to use ignore.rules - pass ip Al Lewis (allewi) (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip hernani coelho (Jan 25)
- Re: what is the command line to use ignore.rules - pass ip wkitty42 (Jan 25)
- Re: what is the command line to use ignore.rules - pass ip hernani coelho (Jan 25)
- Re: what is the command line to use ignore.rules - pass ip Al Lewis (allewi) (Jan 22)
- Re: what is the command line to use ignore.rules - pass ip hernani coelho (Jan 22)