Snort mailing list archives
RE: ignore a single host
From: "Keith Pachulski" <keithp () corp ptd net>
Date: Mon, 22 Nov 2004 11:46:17 -0500
one of many ways.. pass udp 12.170.222.13 any -> $HOME_NET 161 (msg:"SNMP request udp"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1417; rev:9;) -----Original Message----- From: isp [mailto:isp () bnjcomp com] Sent: Sunday, November 21, 2004 4:44 AM To: snort-users () lists sourceforge net Subject: [Snort-users] ignore a single host Can't quit figure out how to ignore a single computer. I have a computer which continuously gets following alert. It is because it is making lots of SNMP requests which is what it is suppose to do. How do I get snort to ignore a single host like this or just ignore this particular alert? thanks terry [**] [1:1417:9] SNMP request udp [**] [Classification: Attempted Information Leak] [Priority: 2] 11/21-03:37:59.626234 12.170.222.13:53965 -> 12.170.222.148:161 UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:118 DF Len: 90 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012 http://www.securityfocus.com/bid/4132] http://www.securityfocus.com/bid/4089] http://www.securityfocus.com/bid/4088] ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ignore a single host isp (Nov 22)
- Re: ignore a single host Matt Kettler (Nov 22)
- Re: ignore a single host Alex Butcher, ISC/ISYS (Nov 23)
- <Possible follow-ups>
- RE: ignore a single host Keith Pachulski (Nov 22)
- RE: ignore a single host Shnitko, Maxim {PBG} (Nov 22)
- RE: ignore a single host Shnitko, Maxim {PBG} (Nov 23)
- Re: ignore a single host Matt Kettler (Nov 22)