Snort mailing list archives
RE: Excluding IPs in HOME_NET?
From: "Harper, Patrick" <patrick.harper () phns com>
Date: Thu, 3 Jun 2004 09:59:02 -0500
For what your trying to do I believe a pass rule for those IP's is what your looking for. It will cause Snort to ignore everything form those IP's. Check out the manual and FAQ for more info on them (I think it is in there) or search the archives for this list. I know they have been discussed. Hope that helps. -----Original Message----- From: Paul Martin [mailto:pmartin () hgvc com] Sent: Thursday, June 03, 2004 7:02 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Excluding IPs in HOME_NET? I've been wrestling with this for a few days, with little success. I currently have my HOME_NET variable set to our internal network (Class B): var HOME_NET X.X.0.0/16 However, there are a few IP addresses that we will be doing testing from, and I don't want Snort to pay any attention to these machines. I have tried to redo the HOME_NET variable like - var HOME_NET [X.X.0.0/16,!X.X.Y.0/24] - to no avail var HOME_NET [X.X.Y.A, X.X.Y.B, X.X.Y.C] - didn't work either I don't want to run multiple instances of Snort or any other workarounds like that, I just want Snort to globally ignore traffic coming from a few specific IP addresses. Has anyone successfully managed to get this working? Paul Martin Network Technician Hilton Grand Vacations Co. (407) 393-3034 pmartin () hgvc com ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Excluding IPs in HOME_NET? Harper, Patrick (Jun 03)
- <Possible follow-ups>
- RE: Excluding IPs in HOME_NET? SRH-Lists (Jun 03)
- RE: Excluding IPs in HOME_NET? AJ Butcher, Information Systems and Computing (Jun 04)
- flowbits together with stream4_reassemble question Per Kristian Johnsen (Jun 09)
- RE: Excluding IPs in HOME_NET? AJ Butcher, Information Systems and Computing (Jun 04)