Snort mailing list archives
Re: Ignoring SNMP from specific addresses?
From: Matt Richard <matt.richard () fandm edu>
Date: Mon, 10 Mar 2003 16:52:04 -0500
Either one would indeed work.Would you consider, at some time, adding an SNMP_SERVERS option that works just like SMTP_SERVERS in snort.conf?
Thanks for the tip, Matt
On Mon, 10 Mar 2003, Matt Richard wrote:I'd like to ignore all SNMP requests from our network management server, which is in a different subnet from my HOME_NET subnet. Is there an SNMP_SERVERS option, or something like that, that I can add to my snort.conf file? Or would you just suggest adding that server's IP address into my HOME_NET variable? I want to look for other bad stuff that may come from that subnet, but I don't care to know how often that server does a new discovery cycle.Two ways. Read about them in the docs, or a summary [0]. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://www.theadamsfamily.net/~erek/snort/ignore.txt
-- Matt Richard Access and Security Coordinator Franklin & Marshall College matt.richard () fandm edu (717) 291-4157 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Deloder worm spyguy (Mar 10)
- Ignoring SNMP from specific addresses? Matt Richard (Mar 10)
- Re: Ignoring SNMP from specific addresses? Erek Adams (Mar 10)
- Re: Ignoring SNMP from specific addresses? Matt Richard (Mar 10)
- Re: Ignoring SNMP from specific addresses? Erek Adams (Mar 10)
- Re: Deloder worm Kevin Pietersma (Mar 11)
- Re: Deloder worm Bill McCarty (Mar 12)
- Ignoring SNMP from specific addresses? Matt Richard (Mar 10)