Snort mailing list archives
RE: Disable alerts from certain machines - Not working for me?
From: rodrigo.ramos () triforsec com br
Date: Fri, 26 Mar 2004 06:18:05 -0600
Hi, You can try something using the -> Event suppression <-. Let me know if it resolved your problem Best regards, Rodrigo Ramos http://www.triforsec.com.br http://www.defenselayer.com Quoting Andreas Östling <andreaso () it su se>:
On Thu, 25 Mar 2004, Snortty wrote:Jerry and All, I want to do exactly the below, to disable ANY and ALL alerts from certian IPs (dedicated scanners), and I used the tips below by either: pass ip 10.1.1.1 any -> any any... Disabling all alerts from a host and using pass rules to pass all traffic from that host is not the same thing. Pass rules has no effect on alerts generated by preprocessors for example, although you don't mention if that's the case here. Btw, I tried to write a little document describing these things, http://people.su.se/~andreaso/docs/README.avoiding_alerts It's still kind of a beta so I'd appreciate any comments/suggestions from anyone. /Andreas ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Disable alerts from certain machines Whitfield, Ken (Mar 12)
- RE: Disable alerts from certain machines Jerry Shenk (Mar 12)
- RE: Disable alerts from certain machines - Not working for me? Snortty (Mar 25)
- RE: Disable alerts from certain machines - Not working for me? Andreas Östling (Mar 25)
- RE: Disable alerts from certain machines - Not working for me? rodrigo . ramos (Mar 26)
- RE: Disable alerts from certain machines - Not working for me? Snortty (Mar 26)
- RE: Disable alerts from certain machines - Not working for me? Snortty (Mar 25)
- RE: Disable alerts from certain machines Jerry Shenk (Mar 12)
- Re: Disable alerts from certain machines Martin Roesch (Mar 31)