Snort mailing list archives
RE: IP Question Part 2
From: "Wirth, Jeff" <WirthJe () DNB com>
Date: Thu, 8 Aug 2002 10:23:25 -0400
From: Jim Gifford [mailto:maillist () jg555 com]
My original question was how can I prevent my company's VPN server showing up in snort? I have added the rule

pass tcp (inet_ip) any <> (vpn_ip) any

But I still get the following message from snort:

"spp_stream4: TTL EVASION (reassemble) detection"
Drop packets to/from "vpn-ip" before they hit the Snort engine using BPF:

./snort <snort options> not host (vpn-ip)

Check the Snort Users Manual or the FAQs ( http://www.snort.org/docs/faq.html#3.7 ) for more information.

- Jeff
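An added example, not part of the reply above or of the Snort distribution: a small shell helper that builds the "not host" BPF expression for one or more trusted hosts and rejects anything that is not a plain IPv4 address, so a malformed entry cannot widen the exclusion. The function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Build a BPF exclusion such as: not (host A or host B)
# Traffic matching the expression never reaches Snort, so neither rules nor
# preprocessors (e.g. stream4) see it. Keep the exclusion list short and exact.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (function-local)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# bpf_exclude HOST...: print the BPF expression, or fail on any bad address.
bpf_exclude() {
    [ "$#" -gt 0 ] || { echo "usage: bpf_exclude HOST..." >&2; return 2; }
    expr_body=
    for h in "$@"; do
        # Unvalidated input like "192.0.2.10 or net 0.0.0.0/0" would blind
        # the sensor to all traffic, so refuse anything but an address.
        is_ipv4 "$h" || { echo "bad address: $h" >&2; return 1; }
        expr_body="${expr_body:+$expr_body or }host $h"
    done
    printf 'not (%s)\n' "$expr_body"
}

# Constructed sample: a VPN gateway and a second trusted host.
bpf_exclude 192.0.2.10 198.51.100.7

# Typical use (snort options are placeholders, as in the reply):
#   ./snort <snort options> "$(bpf_exclude 192.0.2.10)"
```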
Current thread:
- IP Question Part 2 Jim Gifford (Aug 07)
- Re: IP Question Part 2 Ian Macdonald (Aug 08)
- <Possible follow-ups>
- RE: IP Question Part 2 Wirth, Jeff (Aug 08)