Snort mailing list archives
Re: How can i stop alerts that come from my own ip range?
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 5 May 2010 11:47:59 -0400
You can either use the ignore_scanners setting within sfportscan, or shut off the portscan preprocessor completely. Ask yourself why you need to look at portscans.

On Wed, May 5, 2010 at 11:46 AM, Pat McNamara <pmcnamara () nic nu> wrote:

Thanks, I am beginning to see the alerts I want to not write to the DB are port scans from my mail server. How can I do this? Thanks

On May 5, 2010, at 11:40 AM, Joel Esler wrote:

Yeah, I wouldn't do a pass rule at all. Sounds like to me, exactly what Matt said. Define your HOME_NET as the network you want to protect. EXTERNAL_NET, leave as any. Go from there.

On Wed, May 5, 2010 at 11:36 AM, Stephen Mullins <steve.mullins.work () gmail com> wrote:

You could just create 3 pass rules (tcp, udp, icmp) based on your $HOME_NET variable. Wouldn't recommend it, though, since traffic from your home net may be indicative of trojan call backs and so forth.

You want to pass all traffic with a source IP within your $HOME_NET variable with a destination that you didn't state. I suppose you want to pass all home_net to home_net traffic? Passing all home_net to !home_net traffic would be a "pretty bad idea."

Steve Mullins

On Wed, May 5, 2010 at 10:42 AM, Pat McNamara <pmcnamara () nic nu> wrote:

Hi all, what I am trying to do is any alerts that come from my IP range is to have snort disregard them and not even write them to the MySQL database. I think it must be somehow set in the external_Net but I can't seem to figure it out. Thanks Pat

Pat McNamara
IT Systems Administrator
.NU domain, Ltd. Worldnames, Inc.
+1-508-359-5600 x116
pmcnamara () nic nu

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

Pat McNamara
IT Systems Administrator
.NU domain, Ltd. Worldnames, Inc.
+1-508-359-5600 x116
pmcnamara () nic nu
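A snort.conf sketch of the advice in this thread, added here as an example and not taken from any poster's configuration. The 192.0.2.0/24 network and the 192.0.2.25 mail server address are placeholders, and the sfportscan options other than ignore_scanners are assumed typical Snort 2.x values.

```conf
# --- Network variables -------------------------------------------------
# HOME_NET is the network you want to protect; EXTERNAL_NET stays "any"
# so that traffic sourced inside HOME_NET is still inspected.
# (Placeholder range; IPv6-enabled builds use "ipvar" instead of "var".)
var HOME_NET [192.0.2.0/24]
var EXTERNAL_NET any

# --- Portscan preprocessor ---------------------------------------------
# ignore_scanners drops portscan alerts whose *source* is a listed host.
# Here only the mail server (placeholder address) is exempted, because its
# many outbound connections are what the portscan detector is flagging.
# All other detection, including rules that match on this host, stays on.
preprocessor sfportscan: \
    proto { all } \
    scan_type { all } \
    sense_level { low } \
    ignore_scanners { 192.0.2.25 }

# Alternative from the thread: remove or comment out the sfportscan line
# entirely if portscan alerts are not something you act on.

# --- Discouraged in the thread -----------------------------------------
# Blanket pass rules for everything sourced from HOME_NET would also hide
# outbound traffic from a compromised internal host, so they are shown
# commented out and with constructed local SIDs.
# pass tcp  $HOME_NET any -> any any (sid:1000001; rev:1;)
# pass udp  $HOME_NET any -> any any (sid:1000002; rev:1;)
# pass icmp $HOME_NET any -> any any (sid:1000003; rev:1;)
```

Running `snort -T -c` against the edited file validates the configuration before the sensor is restarted.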
Current thread:
- How can i stop alerts that come from my own ip range? Pat McNamara (May 05)
- Re: How can i stop alerts that come from my own ip range? Matt Olney (May 05)
- Re: How can i stop alerts that come from my own ip range? Joel Esler (May 05)
- Re: How can i stop alerts that come from my own ip range? Stephen Mullins (May 05)
- Re: How can i stop alerts that come from my own ip range? Joel Esler (May 05)
- Re: How can i stop alerts that come from my own ip range? Pat McNamara (May 05)
- Re: How can i stop alerts that come from my own ip range? Joel Esler (May 05)
- Re: How can i stop alerts that come from my own ip range? Matt Olney (May 05)
- Re: How can i stop alerts that come from my own ip range? Paul Schmehl (May 06)
- Re: How can i stop alerts that come from my own ip range? Joe Pampel (May 06)
- Re: How can i stop alerts that come from my own ip range? Seth Art (May 06)
- Re: How can i stop alerts that come from my own ip range? Paul Schmehl (May 07)
- Re: How can i stop alerts that come from my own ip range? Joel Esler (May 05)
- Re: How can i stop alerts that come from my own ip range? Matt Olney (May 05)