Snort mailing list archives
RE: SNMP EXCLUDE
From: "Kjetil Laasby" <Kjetil () laasby com>
Date: Fri, 5 Apr 2002 14:25:53 +0200
Shot in the dark from me..
var SNMP ![192.168.0.1o/32 192.168.8/32]
should be var SNMP ![192.168.0.10/32,192.168.8/32] ^ ^ According to http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.2.3 this should work.. If not - try without using a VAR, just enter the NOT statement directly into the rule.. (isolate the error into one sentence). Regards, Kjetil -----Original Message----- From: Ganu Skop [mailto:skopganu () yahoo com] Sent: 5. april 2002 13:38 To: snort-users () lists sourceforge net Subject: [Snort-users] SNMP EXCLUDE hi there, my isp is running mrtg therefore there's always SNMP request udp alert. therefore is there anyway that i wanna exclude known SNMP IP ? try this but failed: snort.conf var SNMP ![192.168.0.1o/32 192.168.8/32] experimental.conf alert udp $SNMP any -> $HOME_NET 161 but... it still detected the alert i'm using Version 1.8.3 (Build 88) thanks ===== //skopganu __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: SNMP EXCLUDE Kjetil Laasby (Apr 05)