Snort mailing list archives

RE: Excluding particular IP address ranges from scans


From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Wed, 29 Oct 2003 13:33:12 -0500

Ralf --

Do you have a generic bdf_rules_file that I can use as a model for setting
up the filtering? Thanks.

-----Original Message-----
From: Ralf Spenneberg [mailto:lists () spenneberg org]
Sent: Wednesday, October 29, 2003 12:49 PM
To: Kaplan, Andrew H.
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Excluding particular IP address ranges from
scans


On Wed, 2003-10-29 at 17:29, Kaplan, Andrew H. wrote:
> I am configuring Snort to monitor two of our servers which are outside the
> firewall. The last bit of tinkering I need to do is to prevent network
> traffic from systems within three different IP address ranges from being
> monitored. The reasoning behind this is that the above groups of IP
> addresses are part of our internal network. The idea behind this
> configuration is to monitor traffic coming exclusively from the Internet
> and not from our internal network.
>
> How would I configure the snort.conf file to exclude the internal network
> address ranges? Thanks.

a) You can use pass rules. Remember to change the rule-ordering using
the -o Option.
b) You can use bpf filters.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto                                  http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org
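
The two options named in the reply above, as an added example that is not part of the original thread: a small shell helper that builds the BPF filter expression (option b) and the matching pass rule (option a) from a list of internal ranges. The function names, the three RFC 1918 ranges and the file paths in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Ranges and paths are constructed
# placeholders; substitute the real internal networks.

# build_bpf_exclude CIDR... -> prints one BPF expression that drops every
# packet whose source address lies in one of the given ranges (option b).
build_bpf_exclude() {
    expr=""
    for cidr in "$@"; do
        case "$cidr" in
            */*) ;;                                   # looks like net/len
            *) echo "not a CIDR range: $cidr" >&2; return 1 ;;
        esac
        if [ -z "$expr" ]; then
            expr="src net $cidr"
        else
            expr="$expr or src net $cidr"
        fi
    done
    [ -n "$expr" ] || return 1                        # no ranges given
    printf 'not (%s)\n' "$expr"
}

# build_pass_rule CIDR... -> prints a Snort pass rule for the same ranges
# (option a). $HOME_NET is the variable defined in snort.conf.
build_pass_rule() {
    list=$(printf '%s,' "$@")
    printf 'pass ip [%s] any -> $HOME_NET any\n' "${list%,}"
}

# Constructed sample ranges.
build_bpf_exclude 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
build_pass_rule   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

# Option b: save the first line to a file and load it with -F, e.g.
#   snort -c /etc/snort/snort.conf -F /etc/snort/internal.bpf
# Option a: add the second line to the rules and start Snort with -o so
# pass rules are evaluated before alert rules, e.g.
#   snort -o -c /etc/snort/snort.conf
```

With the BPF filter, excluded packets never reach Snort at all, so preprocessors do not see them either; with pass rules the packets are still decoded and only rule matching is skipped. Either way, a packet arriving from the Internet with a spoofed source address inside the excluded ranges is also ignored.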

