Snort mailing list archives

Re: home_net and ext_net question


From: Neil Dickey <neil () geol niu edu>
Date: Wed, 23 Apr 2003 15:56:02 -0500 (CDT)


"Mike Zupan" <mzupan () meso com> wrote asking:

> var HOME_NET [66.93.31.0/24,129.4.26.0/24]
> var EXTERNAL_NET [66.93.31.0/24,129.4.26.0/24] (I have also tried just any)

Why do you have HOME_NET and EXTERNAL_NET set identically?
... Just curious.

> This is an example of what I want to stop snort from logging.
>
> snmp connections from 66.93.31.10 -> 66.93.31.1

I would try something like this in local.rules:

  pass udp 66.93.31.10 any -> 66.93.31.1 any

Use the "-o" switch on the command line when invoking Snort if you're
not already.  If specific ports are involved, then use them instead
of "any".

> I also get cgi-redirect snort logs from desktops in the 66 class C range.
> Is there a way to stop logging when connecting to other internal servers?

I suspect more pass rules would help you here, perhaps like the one
above?  I'd need more information on the cgi-redirect stuff to be more
specific.

I hope this helps.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115
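
Why the "-o" switch matters for the pass rule suggested above, as an added example that is not part of the original message and is not Snort's own code: a simplified Python model of rule-type ordering, in which Snort applies rules in the order alert, pass, log by default and in the order pass, alert, log with "-o". It assumes the first matching rule decides the outcome; the alert rule, the sample packets and all function names are constructed for illustration.

```python
import ipaddress

# Rule-type evaluation order: Snort's default versus the order selected by "-o".
DEFAULT_ORDER = ("alert", "pass", "log")
DASH_O_ORDER = ("pass", "alert", "log")

def parse_header(line):
    """Parse a rule header of the form: action proto src sport -> dst dport."""
    action, proto, src, sport, arrow, dst, dport = line.split()[:7]
    if arrow != "->":
        raise ValueError("only unidirectional '->' headers are modelled")
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def _addr_ok(spec, addr):
    # A bare address such as 66.93.31.10 is treated as a /32 network.
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _port_ok(spec, port):
    return spec == "any" or int(spec) == port

def matches(rule, pkt):
    return (rule["proto"] == pkt["proto"]
            and _addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
            and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"]))

def verdict(rules, pkt, order):
    """Return the action of the first matching rule, walking rule types in `order`."""
    for action in order:
        for rule in rules:
            if rule["action"] == action and matches(rule, pkt):
                return action
    return "none"

RULES = [parse_header(r) for r in (
    # Constructed stand-in for an SNMP signature, not a rule from the Snort rule set.
    "alert udp any any -> 66.93.31.0/24 161",
    # The pass rule suggested in the message above.
    "pass udp 66.93.31.10 any -> 66.93.31.1 any",
)]

# Constructed packets: the host pair from the thread, and a different internal source.
PASSED_PAIR = {"proto": "udp", "src": "66.93.31.10", "sport": 40000, "dst": "66.93.31.1", "dport": 161}
OTHER_HOST = {"proto": "udp", "src": "66.93.31.77", "sport": 40000, "dst": "66.93.31.1", "dport": 161}

if __name__ == "__main__":
    for name, order in (("default", DEFAULT_ORDER), ("-o", DASH_O_ORDER)):
        print(name, verdict(RULES, PASSED_PAIR, order), verdict(RULES, OTHER_HOST, order))
```

In this model the pass rule only suppresses the alert when pass rules are evaluated first, and traffic from any other source to the same destination still alerts, which is why the pass rule should stay as narrow as the hosts and ports allow.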

