Snort mailing list archives

Re: Customizing snort rules


From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Tue, 06 Apr 2004 12:27:34 +0200

Hm,

if you take a look at those rules, you may notice that the data flow described by the rules is (except for rule IDs 1415 and 1416) of this form:

EXTERNAL_NET -> HOME_NET (...)

There is no reason for snort to trigger otherwise as described. So you may want to check your configuration vars again.

Otherwise, check the FAQ on how to blend out specific hosts from being seen by Snort, or on how to write special pass rules.

Regards,
Edin

simonkc () netsol co in wrote:

Hi Edin,

I have properly defined the HOME_NET and EXTERNAL_NET variables??
The rules that are getting triggered are SNMP rules, i.e. whenever our NMS
management server polls some devices, the rule triggers.
I want to be able to disable these triggers for some specific IP hosts. The
SNMP rule should not be disabled and continue to look for SNMP traffic.


Thanks and Regards Simon
....

--
Edin Dizdarevic
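
The options mentioned in the reply, sketched as a Snort 2.x configuration fragment. This is an added example, not part of the original thread; the addresses, the NMS_HOST variable, the local sid 1000001 and the SID placeholder are assumptions to be replaced with local values.

```conf
# --- snort.conf: variables (addresses are constructed examples) ---
var HOME_NET 192.0.2.0/24

# If EXTERNAL_NET is "any", a rule header of the form
#   EXTERNAL_NET -> HOME_NET
# also matches traffic between two internal hosts, such as an
# internal NMS polling internal devices. Negating HOME_NET
# restricts those rules to traffic that really comes from outside.
# var EXTERNAL_NET any
var EXTERNAL_NET !$HOME_NET

# Hypothetical variable holding the NMS management server address.
var NMS_HOST 192.0.2.10

# --- local.rules: pass rule for the NMS poller ---
# A matching packet is ignored by ALL rules, not only the SNMP ones,
# so keep the header as narrow as possible (one source, one port).
# Releases that evaluate alert rules before pass rules need the -o
# command-line switch for the pass rule to take effect.
pass udp $NMS_HOST any -> $HOME_NET 161 (msg:"LOCAL pass NMS SNMP polling"; sid:1000001; rev:1;)

# --- threshold.conf: per-signature suppression ---
# Silences one signature for one source address only; the rule keeps
# firing for every other host. Replace SID_FROM_ALERT with the sid
# shown in the alert that the NMS polling generates.
suppress gen_id 1, sig_id SID_FROM_ALERT, track by_src, ip 192.0.2.10
```

The suppress entry is the narrowest of these: the SNMP rule stays enabled and other rules still inspect traffic from the NMS host, whereas the pass rule removes UDP port 161 traffic from that host from inspection entirely.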

