Snort mailing list archives
Re: Snort 1.8.7b6 not listen to BPF filters
From: Michael Boman <michael.boman () securecirt com>
Date: Sat, 20 Jul 2002 02:50:31 +0800
I have managed to isolate the issue to pre-processors, after I have applied both BPF filters (on command line and using the -F switch) as well as created a pass rule to pass all the traffic from the vuln-scan server (and still starting snort with the -o switch).

I am still getting alerts though, but they are from spp_stream4 and other spp_* processors now. My guess is that some parts, or the whole, of snort is ignoring the ignore requests.

At least with the 'pass' rule I managed to keep the number of alerts down somewhat, but still doesn't work as expected.

Best regards
Michael Boman

On Saturday 20 July 2002 02:24, Michael Scheidell wrote:
----- Original Message -----
From: "Michael Boman" <michael.boman () securecirt com>
Newsgroups: local.snort.users
Sent: Thursday, July 18, 2002 9:50 AM
Subject: [Snort-users] Snort 1.8.7b6 not listen to BPF filters

and usr/bin/snort -D -U -o -i eth1 -c /etc/snort_eth1/snort.conf -F /etc/snort_eth1/ignore.bpf -z

where content of 'ignore.bpf' is:

not host x.x.x.x

I have had the same problem since 1.8.6.x

Sent in several requests for guidance, none of them have been very helpful so far.
--
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
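An added example, not part of the original post and not Snort's own code: a small triage script that confirms the observation above by splitting alerts involving the "ignored" host into preprocessor (spp_*) alerts and rule alerts. The alert line layout, the addresses and the rule message are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines, assuming Snort's one-line "fast" alert layout.
# 192.0.2.10 stands in for the vuln-scan server (x.x.x.x in the post).
SAMPLE_ALERTS = """\
07/20-02:41:07.100001 [**] [111:13:1] spp_stream4: STEALTH ACTIVITY (FIN scan) detection [**] {TCP} 192.0.2.10:40001 -> 198.51.100.5:80
07/20-02:41:07.100420 [**] [1:1000001:1] EXAMPLE rule alert (constructed) [**] {ICMP} 192.0.2.10 -> 198.51.100.5
07/20-02:41:08.220013 [**] [111:2:1] spp_stream4: possible EVASIVE RST detection [**] {TCP} 198.51.100.5:22 -> 192.0.2.10:40002
07/20-02:41:09.000100 [**] [1:1000002:1] EXAMPLE other-host alert (constructed) [**] {TCP} 203.0.113.7:3111 -> 198.51.100.5:80
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s+(?:\[\d+:\d+:\d+\]\s+)?(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

def triage(log_text, ignored_host):
    """Return (Counter of spp_* alerts by preprocessor, list of rule messages)
    for alerts whose source or destination is ignored_host."""
    by_preproc = Counter()
    rule_msgs = []
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or ignored_host not in (m.group("src"), m.group("dst")):
            continue  # unparsable line, or alert does not involve the host
        msg = m.group("msg")
        if msg.startswith("spp_"):
            # Preprocessor alerts carry the module name before the first colon.
            by_preproc[msg.split(":", 1)[0]] += 1
        else:
            rule_msgs.append(msg)
    return by_preproc, rule_msgs

if __name__ == "__main__":
    preproc, rules = triage(SAMPLE_ALERTS, "192.0.2.10")
    print("preprocessor alerts for ignored host:", dict(preproc))
    print("rule alerts for ignored host:", rules)
```

If the rule list is empty while the preprocessor counter is not, the pass rule is taking effect and the remaining alerts are coming from the preprocessors, which is the situation the post describes.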