Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Pass rule not passing preprocessors (Absent jusqu'au 29/07/2002)

From: "Pascal Painparay" <pascal.painparay () tdf fr>
Date: Mon, 21 Apr 2003 15:42:16 +0200
Je suis absent jusqu'au 21/04/03 inclus. 
En cas d'urgence, Vous pouvez contacter :
  Christophe Savin au 01 49 15 32 75.

Cdt
Pascal Painparay


snort-users 04/21/03 15:21 >>>


"Always Bishan" <bishan4u () yahoo co uk> writes:


Hi Snorters,

I wrote a pass rule which will pass anything coming
from one machine.
pass tcp 192.168.1.2 -> any any
pass icmp 192.168.1.2 -> any any
pass udp 192.168.1.2 -> any any



[...]


Now by writing this pass rule I'm able to avoid any
alerts from my rules directory, but preprocessors are
still generating alerts. 

Is there anyway to avoid this?


If you want to omit traffic from that machine completely, disable all
traffic from it in your bpf filter for snort.

snort <command args> not host 192.168.1.2
-- 
Chris Green <cmg () sourcefire com>
To err is human, to moo bovine.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: