Re: [Emerging-Sigs] How to exclude one IP address from HOME_NET

[Joel Esler <jesler () sourcefire com>]

Glad it helps!


On Oct 1, 2012, at 5:33 PM, Jack Pepper <pepperjack () afferentsecurity com> wrote:

> I did not know this was available.  that's a way better (and more inuitive) solution.  
>       ipvar EXAMPLE [1.1.1.1,2.2.2.0/24,![2.2.2.2,2.2.2.3]] 
> jp
>
> On Mon, Oct 1, 2012 at 4:26 PM, Joel Esler <jesler () sourcefire com> wrote:
> On Oct 1, 2012, at 3:20 PM, Jack Pepper <pepperjack () afferentsecurity com> wrote:
>
> > the subject of how to exclude one IP address from HOME_NET still comes up occasionally.  Usually it's a proxy 
> > server.  I wrote a little program a long time ago (2008?) to create a HOME_NET statement with the proxy address 
> > excluded.  Herewith I offer it to the public (should a done that a long time ago).
> >      http://www.autoshun.org/exclusion.asp
>
> Please see this section of the Snort Manual:
>
> http://manual.snort.org/node16.html#SECTION00312000000000000000
>
> As it references how to exclude certain IPs within a variable.
>
> Also Cc'ing the Snort-users list, as this is a Snort issue (not an emerging-sigs issue) and someone may find it 
> useful.
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire

------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!