Snort mailing list archives
Problems ignoring a host
From: "Peter Sundstrom" <peter () ginini com>
Date: Tue, 12 Feb 2002 12:47:26 +1100
I'm trying to ignore alerts triggered by our scanner without any luck. I've read through the doco and FAQ, and seem to have everything that is required, but obviously, I'm still missing something. I'm running snort 1.8.3 on Solaris 2.6. It gets started with: snort -bdD -o -c /usr/local/etc/snort.conf Note, that I have the -o flag to change the rule processing order. In snort.conf, I have include local.rules in the rulesets. I tried changing the order of the rulesets, without any difference. In local.rules I have: pass IP 192.168.1.25/32 any -> any any pass TCP 192.168.1.25/32 any -> any any pass ICMP 192.168.1.25/32 any -> any any pass UDP 192.168.1.25/32 any -> any any What am I missing?
Current thread:
- Problems ignoring a host Peter Sundstrom (Feb 11)
- Re: Problems ignoring a host Erek Adams (Feb 11)
- Re: Problems ignoring a host Peter Sundstrom (Feb 11)
- Re: Problems ignoring a host Erek Adams (Feb 11)
- Multiple sensors over WAN Onie Camara (Feb 11)
- Re: Problems ignoring a host Peter Sundstrom (Feb 11)
- <Possible follow-ups>
- RE: Problems ignoring a host Graham, Randy (RAW) (Feb 12)
- Re: Problems ignoring a host Erek Adams (Feb 11)