Snort mailing list archives

*NEWBIE* Excluding Proxy Traffic from Snort?


From: "Matthew Gavin" <matt () tempo com au>
Date: Thu, 14 Nov 2002 16:43:44 +1100

Hi all, I'm new to Snort... still trying to work my way through the excellent
documentation.

I was hoping for an answer to a really simple question... I want to exclude any
internal traffic hitting my Proxy from my alert log... I am being barraged with
the following every second... it's legit, and useless to me:

[**] [1:618:2] SCAN Squid Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/14-16:11:12.112690 0:50:73:27:1D:41 -> 0:10:5A:68:35:9E type:0x800 len:0x3E
10.1.5.115:2657 -> 203.xx.xx.xx:3128 TCP TTL:125 TOS:0x0 ID:49315 IpLen:20
DgmLen:48 DF
******S* Seq: 0x15E126F  Ack: 0x0  Win: 0x2000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

Is there a quick way to exclude this information? My /etc/snort.conf makes no
reference to my internal LAN... It only knows of the DMZ - Like so:

var HOME_NET 203.xx.xx.0/24
var EXTERNAL_NET any

Thanks in advance.

mg © 2002

MCSE = Must Consult Someone Else.
_____________________________________________




