Snort mailing list archives
Re: IP Address Exclusion
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Wed, 27 Aug 2003 18:03:06 +0200
Hi, Andrew Dixon wrote:
Hi. We have Co-located Windows 2003 server on which I am running Snort for IDS, however, whenever we logon to the server via RDC or connect to MySQL it reports an alert in the log. We have a fixed IP here, so is there a way to tell Snort to not alert for anything from this IP address.
At least two: 1. Pass rule (don't forget starting Snort with -o) 2. LSF filter (same as BPF filter L -> Linux) See many postings on this as well as the FAQ. Seems you have many false positives for me too... Regards, Edin
Thanks. Best Regards, Andrew Dixon. MSO.net Email: andrew.dixon () mso net
-- Edin Dizdarevic ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IP Address Exclusion Andrew Dixon (Aug 27)
- Re: IP Address Exclusion Erek Adams (Aug 27)
- Re: IP Address Exclusion Edin Dizdarevic (Aug 27)