Snort mailing list archives

RE: SNMP EXCLUDE


From: "Kjetil Laasby" <Kjetil () laasby com>
Date: Fri, 5 Apr 2002 14:25:53 +0200

Shot in the dark from me.. 

var SNMP ![192.168.0.1o/32 192.168.8/32]

should be
var SNMP ![192.168.0.10/32,192.168.8/32]
                      ^   ^

According to
http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.2.3
this should work..

If not - try without using a VAR, just enter the NOT statement
directly into the rule.. (isolate the error into one sentence).

Regards,
Kjetil

-----Original Message-----
From: Ganu Skop [mailto:skopganu () yahoo com] 
Sent: 5. april 2002 13:38
To: snort-users () lists sourceforge net
Subject: [Snort-users] SNMP EXCLUDE

Hi there,
My ISP is running MRTG, so there's always an SNMP
request UDP alert.
Is there any way I can exclude known
SNMP IPs?
I tried this but it failed:
snort.conf
var SNMP ![192.168.0.1o/32 192.168.8/32]

experimental.conf
alert udp $SNMP any -> $HOME_NET 161

But... it still detected the alert.

I'm using Version 1.8.3 (Build 88).

Thanks


=====
//skopganu

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
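
Added example, not part of the original thread and not Snort's own code: a small Python linter for the bracketed address list in a snort.conf var line, run over the two lines quoted above plus one constructed line. It assumes the comma-separated list form the reply points to and strictly requires four octets and a /prefix per entry, which may be stricter than a given Snort build; the function names are hypothetical.

```python
import re

# Strict dotted-quad/prefix form. Requiring all four octets is this linter's
# own assumption, not a statement about what Snort itself accepts.
ENTRY = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$")

def lint_entry(entry):
    """Return a list of problems for one address/prefix entry."""
    if entry == "any" or entry.startswith("$"):
        return []  # keyword or reference to another variable
    m = ENTRY.match(entry)
    if not m:
        return [f"{entry!r}: not a four-octet address with /prefix"]
    *octets, prefix = map(int, m.groups())
    problems = []
    if any(o > 255 for o in octets):
        problems.append(f"{entry!r}: octet out of range")
    if prefix > 32:
        problems.append(f"{entry!r}: prefix longer than /32")
    return problems

def lint_var(line):
    """Lint a 'var NAME [!]value' line; return (name, negated, problems)."""
    m = re.match(r"^\s*var\s+(\S+)\s+(.*\S)\s*$", line)
    if not m:
        return None, False, ["not a var line"]
    name, value = m.groups()
    negated = value.startswith("!")
    value = value[1:] if negated else value
    problems = []
    if value.startswith("[") != value.endswith("]"):
        problems.append("unbalanced brackets")
    for chunk in value.strip("[]").split(","):
        parts = chunk.split()
        if not parts:
            problems.append("empty entry")
        elif len(parts) > 1:
            problems.append(f"{chunk!r}: whitespace between entries (missing comma?)")
        for part in parts:  # still lint each piece so every defect is reported
            problems.extend(lint_entry(part))
    return name, negated, problems

if __name__ == "__main__":
    for line in ("var SNMP ![192.168.0.1o/32 192.168.8/32]",     # from the question
                 "var SNMP ![192.168.0.10/32,192.168.8/32]",     # from the reply
                 "var SNMP ![192.168.0.10/32,192.168.0.11/32]"):  # constructed
        print(line, "->", lint_var(line)[2] or "ok")
```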
