Snort mailing list archives
Alert from Internal Net as Attacker
From: Giuseppe Morici <giuseppe.morici () e-gate it>
Date: Tue, 12 Jan 2016 13:25:20 +0000
Hello, i've a question and hope that someone can give me some answer about. There is a possibility of exlude alert when the "source" it's a range of ip or aliases? The ip in source is an Internal net ip (of course is in whitelist and in Default list as home net) , infact the alert pop up but don't go in blocked list cause the ip is whitelisted. There is a possibility to exclude the alert only if source is internal net without disable the rules and let them to work for "real" attak? (this is just for limite the spam in alert list) Thanks for your help. [cid:image001.png@01D14D45.16379A80] Distinti Saluti Giuseppe Morici Help Desk e-GATE s.r.l. Uff.: +39 0112306001 Fax:+39 0112309130 Mobile:+39 3280389284 [cid:image002.png@01D14D45.16379A80] www.e-gate.it<http://www.e-gate.it/> www.e-gate.to.it<http://www.e-gate.to.it/> The information contained in this e-mail message is attorney privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by telephone or e-mail.
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Alert from Internal Net as Attacker Giuseppe Morici (Jan 12)
- Re: Alert from Internal Net as Attacker Al Lewis (allewi) (Jan 12)
- R: Alert from Internal Net as Attacker Giuseppe Morici (Jan 12)
- Re: Alert from Internal Net as Attacker Al Lewis (allewi) (Jan 12)
- Re: Alert from Internal Net as Attacker Alan Gao (Jan 12)
- Re: Alert from Internal Net as Attacker Joel Esler (jesler) (Jan 12)
- Re: Alert from Internal Net as Attacker Joel Esler (jesler) (Jan 12)
- R: Alert from Internal Net as Attacker Giuseppe Morici (Jan 12)
- Re: Alert from Internal Net as Attacker Al Lewis (allewi) (Jan 12)