Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IP Address Exclusion

From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Wed, 27 Aug 2003 18:03:06 +0200
Hi,

Andrew Dixon wrote:

Hi.

We have Co-located Windows 2003 server on which I am running Snort for
IDS, however, whenever we logon to the server via RDC or connect to
MySQL it reports an alert in the log. We have a fixed IP here, so is
there a way to tell Snort to not alert for anything from this IP
address.


At least two:

1. Pass rule (don't forget starting Snort with -o)
2. LSF filter (same as BPF filter L -> Linux)

See many postings on this as well as the FAQ.

Seems you have many false positives for me too...

Regards,

Edin




Thanks.
 
Best Regards,
Andrew Dixon.

MSO.net
Email: andrew.dixon () mso net


-- 
Edin Dizdarevic



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: