Snort mailing list archives
Re: ignore traffic from specific IP
From: Pedro Marinho <pppmarinho () gmail com>
Date: Fri, 9 Jul 2010 17:08:24 -0300
Thank you very much. I will use a bpf filter to accomplish this. 2010/7/9 Nick Moore <nmoore () sourcefire com>
Pedro, If I understand you correctly, what you may want to do is configure ignore_scanner in the sfportscan preprocessor. Please see README.sfportscan in your snort rules directory to get more information on how to configure this. Hope this helps and happy snorting! Nick On Fri, Jul 9, 2010 at 2:50 PM, Pedro Marinho <pppmarinho () gmail com>wrote:Hello gentlemen, How may i do to tell snort to ignore any traffic coming from or going to a specific IP ? the ports i know we can do this config ignore_ports: <list of ports> but i need to ignore a IP that scans the network.. ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Nick Moore, SFCE, CISSP, CISA Sr. Systems Engineer Voice 708-336-9041 Email nick.moore () sourcefire com IM nickgmoore (Yahoo) nickgmoore38 (AIM) ,,_ o" )~ Sourcefire - The Creators of Snort '''' www.sourcefire.com www.snort.org
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ignore traffic from specific IP Pedro Marinho (Jul 09)
- Re: ignore traffic from specific IP JJC (Jul 09)
- Re: ignore traffic from specific IP Pedro Marinho (Jul 09)
- Re: ignore traffic from specific IP Nick Moore (Jul 09)
- Re: ignore traffic from specific IP Pedro Marinho (Jul 09)
- Re: ignore traffic from specific IP JJC (Jul 09)