Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How to ignore ping/icmp traffic to-from a host

From: "Alex Pinheiro Machado Rodrigues" <alex () bsbnet com>
Date: Tue, 26 Feb 2002 14:19:29 -0300
Just add "not host nnn.nnn.nnn.nnn" at the snort startup parameters:
ex: "snort -dev -c snort conf not host 192.168.200.3"

Alex, Brazil





----- Original Message ----- 
From: "Steve Tyrol" <steve_tyrol () hotmail com>
To: <snort-users () lists sourceforge net>
Sent: Tuesday, February 26, 2002 2:10 PM
Subject: [Snort-users] How to ignore ping/icmp traffic to-from a host


I'm a bit of a newbie with snort, so pardon my ignorance.  I have
tried to find this info elsewhere with no success.

I am trying to tell snort to ignore icmp/ping traffic to and from a
specific host.  This host is used at 10 minute intervals to ping a
bank of servers to monitor up/down status.  As snort is currently
configured, this ping sweep triggers a snort alarm.  Can anyone help
me out with the appropriate entry in the rule set?

Any help is greatly appreciated.

Regards,

Steve



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: