Snort mailing list archives

RE: Snort pass rules question

From: "Pietersma, Kevin (CA - Toronto)" <kpietersma () deloitte ca>
Date: Mon, 12 Aug 2002 16:57:09 -0400



-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



- From the SNORT FAQ (http://www.snort.org/docs/faq.html)

3.7 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--

Q: How do I ignore traffic coming from a particular host or hosts?



A: Write pass rules and add the host(s) to the portscan-ignorehosts

list.

   Call Snort with the -o option to activate the pass rules.

   See http://www.snort.org/docs/writing_rules/ for more information.



A: Use bpf on the commandline to ignore a host (for example):



       $ snort  not host 192.168.0.1





Cheers,

Kev Pietersma



- -----Original Message-----

From: snort-users-admin () lists sourceforge net

[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Eric Joe

Sent: Monday, August 12, 2002 3:43 PM

To: snort-users () lists sourceforge net

Subject: [Snort-users] Snort pass rules question





Hello,

I am trying to get snort to ignore SNMP requests from a machine

running

MRTG to my router. I haveinclude $RULE_PATH/local.rules

at the end of my snort.conf file and I have the following rule in my

local.rules file:

pass udp 192.168.1.3 any -> 192.168.1.1 161



Is my syntax correct? Do I have to use the -o switch to get it to use

the

local.rules?

Thanks





- -- 

Eric Joe

Network Operations

Journey's End Internet/Computer Connection Inc









- -------------------------------------------------------

This sf.net email is sponsored by: Dice - The leading online job

board

for high-tech professionals. Search and apply for tech jobs today!

http://seeker.dice.com/seeker.epl?rel_code=31

_______________________________________________

Snort-users mailing list

Snort-users () lists sourceforge net

Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users



-----BEGIN PGP SIGNATURE-----

Version: PGP 7.1



iQA/AwUBPVghJWcZhd/EblG8EQIINACeKeXYhi+zIciV809QURCvZg8LVoAAoJPO

l2qmeUudOW1sdSN2sQoO6z8m

=1hT3

-----END PGP SIGNATURE-----

Attachment: PGPexch.htm.asc
Description:

Current thread:

Snort pass rules question Eric Joe (Aug 12)
- <Possible follow-ups>
- RE: Snort pass rules question McCammon, Keith (Aug 12)
- RE: Snort pass rules question Pietersma, Kevin (CA - Toronto) (Aug 12)