Snort mailing list archives
RE: Excluding particular IP address ranges from scans
From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Wed, 29 Oct 2003 13:33:12 -0500
Ralf --

Do you have a generic bdf_rules_file that I can use as a model for setting up the filtering?

Thanks.

-----Original Message-----
From: Ralf Spenneberg [mailto:lists () spenneberg org]
Sent: Wednesday, October 29, 2003 12:49 PM
To: Kaplan, Andrew H.
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Excluding particular IP address ranges from scans

On Wed, 2003-10-29 at 17:29, Kaplan, Andrew H. wrote:
I am configuring Snort to monitor two of our servers which are outside the firewall. The last bit of tinkering I need to do is to prevent network traffic from systems within three different ip address ranges from being monitored. The reasoning behind this is that the above groups of ip addresses are part of our internal network. The idea behind this configuration is to monitor traffic coming exclusively from the Internet and not from our internal network. How would I configure the snort.conf file to exclude the internal network address ranges? Thanks.
a) You can use pass rules. Remember to change the rule-ordering using the -o option.
b) You can use bpf filters.

Cheers,
Ralf

--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server
http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
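The two options named in the reply above, as an added example that is not part of the original thread: a Python sketch that renders the body of a BPF filter file (Snort reads one with its -F option) and an equivalent pass rule from a list of ranges. The RFC 1918 ranges, the 192.0.2.x server addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values: RFC 1918 ranges stand in for the three internal
# ranges, RFC 5737 documentation addresses for the two monitored servers.
INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
SERVERS = ["192.0.2.10/32", "192.0.2.25/32"]


def parse_nets(cidrs):
    """Validate CIDR strings (host bits must be zero) and merge overlaps."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def bpf_filter(internal):
    """Option b: body of a filter file. Matching packets never reach Snort."""
    terms = " or ".join(f"src net {n}" for n in parse_nets(internal))
    return f"not ({terms})"


def pass_rule(internal, servers):
    """Option a: pass rule. It only beats alert rules when Snort runs with -o."""
    src = ",".join(str(n) for n in parse_nets(internal))
    dst = ",".join(str(n) for n in parse_nets(servers))
    return f"pass ip [{src}] any -> [{dst}] any"


def is_inspected(src_ip, internal):
    """Mirror the source-only match: True if a packet from src_ip is still analysed."""
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in parse_nets(internal))


if __name__ == "__main__":
    print(bpf_filter(INTERNAL))
    print(pass_rule(INTERNAL, SERVERS))
    for src in ("172.20.1.5", "198.51.100.7"):  # constructed sample sources
        print(src, "inspected" if is_inspected(src, INTERNAL) else "excluded")
```

Both generated forms match on source address only, so replies from the servers to internal hosts are still captured and analysed.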