Snort mailing list archives

RE: IP Question Part 2

From: "Wirth, Jeff" <WirthJe () DNB com>
Date: Thu, 8 Aug 2002 10:23:25 -0400

From: Jim Gifford [mailto:maillist () jg555 com]


My original question was how can I prevent my companies VPN 
server showing
up
in snort?

I have added the rule
pass tcp (inet_ip) any <> (vpn_ip) any

But I still get the following message from snort.
" spp_stream4: TTL EVASION (reassemble) detection"


Drop packets to/from "vpn-ip" before they hit the Snort engine using BPF....

        ./snort <snort options> not host (vpn-ip)

Check the Snort Users Manual or the FAQs (
http://www.snort.org/docs/faq.html#3.7 ) from more information..

- Jeff


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

IP Question Part 2 Jim Gifford (Aug 07)
- Re: IP Question Part 2 Ian Macdonald (Aug 08)
- <Possible follow-ups>
- RE: IP Question Part 2 Wirth, Jeff (Aug 08)