Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NFS file copy vs. snort ???

From: Michael D Schleif <mds () helices org>
Date: Mon, 6 Sep 2004 15:38:20 -0500
Omar =>

* Omar McKenzie <omckenzi () nyc rr com> [2004:09:06:14:48:50-0400] scribed:

Michael,
Try writing a pass rule and/orBPF filter for the NFS traffic between the
hosts.  This will allow snort to ignore the NFS traffic.

BPF filters are probably more efficient in your case.


Thank you.

I had tried some things with these, apparently misconfigured them, and
when they did not `work', I concluded that I did not know what I was
doing.  That is when I solicited this list.

Now that you mention this, I re-visited it, and after several logic
gaffs with the BPF syntax, I now have working BPF filters.  In fact,
these filters do exactly as I require, and nothing more.

Thank you, for your patience and your guidance.

HAND

-- 
Best Regards,

mds
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
--

Attachment: signature.asc
Description: Digital signature

Previous By Date Next
Previous By Thread Next

Current thread: