Re: Fwd: Delivery Status Notification (Failure)

[Jason Wallace <jason.r.wallace () gmail com>]

If you never want any alert to be generated between two clients on
specific ports I would use a BPF filter to exclude that communication
from inspection.

On Thu, Sep 22, 2011 at 3:39 PM, Nabyl Benmlih <nabylb () stptech com> wrote:
> hi
>  I have 2 hosts that are set to communicate on specific port, I'd like
> to exclude that couple ip/port from the alerts while any other ip do
> create an alert.
>
>  for instance server is on 192.168.0.1 client is on 192.168.5.1
> communication is 192.168.0.1 <--192.168.5.1:4444 snort detects and
> create alerts because the 192.168.5.1:4444 is open.
>  I'd like for the specific case of 192.168.0.1 <--192.168.5.1:4444 not
> to have any alerts yet if any other host/client goes to 192.168.5.1:4444
> to generate alerts how would i do that ? I have around 15 couples those
> ip/port to exempt from generating alerts
>
> Otherwise running : Snort Version 2.8.5.3 (Build 124) '''' By Martin
> Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright
> (C) 1998-2009 Sourcefire, Inc., et al. Using PCRE version: 6.6
> 06-Feb-2006 on centos: Linux Holopinos 2.6.18-238.19.1.el5 #1 SMP Fri
> Jul 15 07:32:29 EDT 2011 i686 i686 i386 GNU/Linux (i'll upgrade snort
> after I fix this issue)
>
>  Thanks in advance
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2dcopy1
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!