Re: *NEWBIE* Excluding Proxy Traffic from Snort?

[Erek Adams <erek () theadamsfamily net>]

On Thu, 14 Nov 2002, Matthew Gavin wrote:

> Hi all, I'm new to Snort... still trying to work my way through the
> excellent documentation.
>
> I was hoping for an answer to a really simple question... I want to
> exclude any internal traffic hitting my Proxy from, my alert log... I am
> being barraged with the following every second... it's legit, and
> useless to me:

[...snip...]

For two basic ways to ignore traffic, check out this [0] info.

> var HOME_NET 203.xx.xx.0/24
> var EXTERNAL_NET any

But the real answer:  Change EXTERNAL_NET to !$HOME_NET .  That ignores
anything on the internal networks where 'any' looks at it as well.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


[0]     http://www.theadamsfamily.net/~erek/snort/ignore.txt



-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users