Snort mailing list archives
RE: supress an IP address?
From: "Bristol, Gary L." <gbristol () ou edu>
Date: Thu, 28 Oct 2004 11:18:53 -0500
How about suppressing in the Threshold.conf a Class B or 1 ip or Two with a CIDR of 32 or 31. This works for me. suppress gen_id 1, sig_id 365, track by_src, ip 129.15.0.0/16 suppress gen_id 1, sig_id 384, track by_src, ip 129.15.0.0/16 suppress gen_id 1, sig_id 402, track by_src, ip 129.15.0.0/16 suppress gen_id 1, sig_id 469, track by_src, ip 129.15.3.67/32 suppress gen_id 1, sig_id 1411, track by_src, ip 129.15.10.77/31 suppress gen_id 1, sig_id 1419, track by_dst, ip 129.15.3.27/32 -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Larry Wichman Sent: Thursday, October 28, 2004 10:54 AM To: Snorty S Snortman Subject: [Snort-users] supress an IP address? It does not look like you can do this in the threshold.conf, but I would like to not see events from a couple of IP addresses. Does anyone know of a way to do this? Cheers, Larry __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------- This Newsletter Sponsored by: Macrovision For reliable Linux application installations, use the industry's leading setup authoring tool, InstallShield X. Learn more and evaluate today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This Newsletter Sponsored by: Macrovision For reliable Linux application installations, use the industry's leading setup authoring tool, InstallShield X. Learn more and evaluate today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- supress an IP address? Larry Wichman (Oct 28)
- RE: supress an IP address? Jeff Dell (Oct 28)
- <Possible follow-ups>
- RE: supress an IP address? Bristol, Gary L. (Oct 28)
- RE: supress an IP address? Larry Wichman (Oct 28)
- Re: supress an IP address? Jason (Oct 28)
- RE: supress an IP address? Larry Wichman (Oct 28)
- RE: supress an IP address? Shawn Kottke (Oct 28)
- RE: supress an IP address? Harper, Patrick (Oct 28)
- RE: supress an IP address? Esler, Joel - Contractor (Oct 28)