Snort mailing list archives

Re: Network Variables

From: Michael Green <Michael.Green () gbst com>
Date: Wed, 1 May 2013 04:06:41 +0000

Try

not net 10.10.0.0/24  and not net 10.30.0.0/24

-----Original Message-----
From: Seth Dunn [mailto:seth () d2ms com]
Sent: Wednesday, 1 May 2013 12:18 PM
To: waldo kitty; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Network Variables

My bpf file is ignore.bpf and has one line in it::
not net 10.10.0.0/24 || 10.30.0.0/24

I have also tried variations of that rule using ! instead of  not...
Using && instead of ||
I have also used the rule across two lines like not net 10.10.0.0/24 && not net 10.30.0.0/24 But that also did not work.

I have the bpf file defined in my snort.conf file :: config bpf_file:
D:\Snort\etc\ignore.bpf
I also call it with the switch -F d:\snort\etc\ignore.bpf

Still nothing.  Traffic is not ignored/filtered out....snort still alerts on it.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net]
Sent: Tuesday, April 30, 2013 9:47 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Network Variables

On 4/30/2013 19:28, Seth Dunn wrote:

Right, and I set up the text file, and snort started and read the

file.

But it didn't filter out the traffic.
And I have followed the examples I have seen creating the file, but it

is not working as expected.


please post the contents of the file and the command line you used to start snort...

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------
------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production 
application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting 
in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production 
application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting 
in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
The information transmitted is intended only for the person or entity to which it is addressed and may contain 
confidential and / or privileged material that may be governed by confidential information provisions contained in the 
agreement between GBST and your company. Any disclosure, copying, distribution, or other use without the express 
consent of the sender is prohibited. If you received this in error, please contact the sender and delete the material 
from any computer. All rights in the information transmitted, including copyright, are reserved. Nothing in this 
message should be interpreted as a digital signature that can be used to authenticate a document. No warranty is given 
by the sender that any attachments to this email are free from viruses or other defects.

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Network Variables Seth Dunn (Apr 29)
- Re: Network Variables Seth Dunn (Apr 30)
  - Re: Network Variables Jeremy Hoel (Apr 30)
    - Re: Network Variables Seth Dunn (Apr 30)
    - Re: Network Variables Jeremy Hoel (Apr 30)
    - Re: Network Variables Seth Dunn (Apr 30)
    - Re: Network Variables waldo kitty (Apr 30)
    - Re: Network Variables Seth Dunn (Apr 30)
    - Re: Network Variables Michael Green (Apr 30)
    - Re: Network Variables Seth Dunn (May 01)
    - Re: Network Variables Seth Dunn (May 01)
    - Re: Network Variables waldo kitty (May 01)
    - Re: Network Variables Seth Dunn (May 01)
    - Re: Network Variables waldo kitty (May 01)
    - Re: Network Variables Russ Combs (May 01)
    - Re: Network Variables Seth Dunn (May 02)
    - Re: Network Variables James Lay (May 02)
    - Re: Network Variables Seth Dunn (May 02)
    - Re: Network Variables Seth Dunn (May 02)

(Thread continues...)