Snort mailing list archives
Re: Customizing snort rules
From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Tue, 06 Apr 2004 11:53:40 +0100
--On 06 April 2004 14:29 +0530 simonkc () netsol co in wrote:
Hi, Can anyone point me in the direction of any document explaining how to customize snort rules. I have a situation wherein the Snort IDS is alerting even for normal SNMP requests and traps. How do it disable these alerts for only specific SNMP management stations but keep the SNMP rule turned on??
Something like this: var SNMP_MGMT_STATIONS [10.1.1.2/32,192.168.31.5/32,10.10.10.0/24] [...]comment out the affected rules and copy them, replacing the source mask (probably $EXTERNAL_NET) with !SNMP_MGMT_STATIONS (i.e. anything but your designated SNMP management stations).
Thanks and Regards Simon
HTH, Alex. -- Alex Butcher: Security & Integrity, Personal Computer Systems Group Information Systems and Computing GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9 ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Customizing snort rules simonkc (Apr 06)
- Re: Customizing snort rules Edin Dizdarevic (Apr 06)
- Re: Customizing snort rules AJ Butcher, Information Systems and Computing (Apr 06)
- Re: Customizing snort rules Rodrigo B. Ramos (Apr 07)
- <Possible follow-ups>
- RE: Customizing snort rules simonkc (Apr 06)
- Re: Customizing snort rules Edin Dizdarevic (Apr 06)