Snort mailing list archives

Re: Disable alerts from certain machines


From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 31 Mar 2004 08:24:57 -0500

Hi Ken,

The best way to do it is with a BPF filter either at the command line or in a filter file that you load with 'snort -F <bpf file>'. Snort is capable of running BPF filters just like tcpdump. Doing this will prefilter the packets before they get into Snort at all, so it will effectively disable *all* alerts to that machine including preprocessor alerts.

     -Marty


On Mar 12, 2004, at 11:33 AM, Whitfield, Ken wrote:

Greetings,

How do I disable ALL alerts generated from certain hosts based upon src address? Is it possible?

Thanks,

Ken





--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
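
Added example, not part of the original message or of Snort itself: a small shell helper that writes the kind of BPF filter file described above, excluding traffic by source address. The function names, the 192.0.2.x addresses and the file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Build a BPF expression that drops packets *from* the listed hosts before
# Snort inspects them. Traffic sent *to* those hosts is still inspected.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_filter HOST...: print "not (src host A or src host B ...)".
# Prints nothing and fails if any argument is not a valid IPv4 address, so a
# typo cannot produce a filter that hides more traffic than intended.
build_filter() {
    [ "$#" -gt 0 ] || return 1
    expr_body=""
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
        if [ -z "$expr_body" ]; then
            expr_body="src host $host"
        else
            expr_body="$expr_body or src host $host"
        fi
    done
    printf 'not (%s)\n' "$expr_body"
}

# Usage (paths are placeholders):
#   sh ignore_hosts.sh 192.0.2.10 192.0.2.11 > /path/to/ignore.bpf
#   snort -c /path/to/snort.conf -F /path/to/ignore.bpf
[ "$#" -eq 0 ] || build_filter "$@"
```

Because the filter is applied before Snort sees any packets, the excluded hosts generate no alerts and appear in no Snort logs, so keep the filter file under change control and review the host list periodically.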


