Snort mailing list archives

Re: Network Variables


From: "Seth Dunn" <seth () d2ms com>
Date: Wed, 1 May 2013 06:43:24 -0400

Hey Michael, 
I will give that a try and see if that works.  I have not tried that
combination yet.

@Jeff,
Where are you seeing /16? Did I fat finger something?
I am trying to filter out /24 (255.255.255.0) for both networks.

-----Original Message-----
From: Michael Green [mailto:Michael.Green () gbst com] 
Sent: Wednesday, May 01, 2013 12:07 AM
To: Seth Dunn; waldo kitty; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Network Variables

Try

not net 10.10.0.0/24  and not net 10.30.0.0/24

-----Original Message-----
From: Seth Dunn [mailto:seth () d2ms com]
Sent: Wednesday, 1 May 2013 12:18 PM
To: waldo kitty; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Network Variables

My bpf file is ignore.bpf and has one line in it::
not net 10.10.0.0/24 || 10.30.0.0/24

I have also tried variations of that rule using ! instead of  not...
Using && instead of ||
I have also used the rule across two lines like not net 10.10.0.0/24 &&
not net 10.30.0.0/24 But that also did not work.

I have the bpf file defined in my snort.conf file :: config bpf_file:
D:\Snort\etc\ignore.bpf
I also call it with the switch -F d:\snort\etc\ignore.bpf

Still nothing.  Traffic is not ignored/filtered out....snort still
alerts on it.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net]
Sent: Tuesday, April 30, 2013 9:47 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Network Variables

On 4/30/2013 19:28, Seth Dunn wrote:
> Right, and I set up the text file, and snort started and read the file.
> But it didn't filter out the traffic.
> And I have followed the examples I have seen creating the file, but it
> is not working as expected.

please post the contents of the file and the command line you used to
start snort...

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------
------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
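
Added example (not part of any poster's message): a small Python model of the documented pcap-filter grammar, showing which packets each filter string quoted in the thread would still hand to Snort. The sample packets and the names `matches` and `seen_by_snort` are constructed for illustration; the model covers only the `not`/`and`/`or`/`net` subset and is not libpcap itself.

```python
import ipaddress

# Model of the pcap-filter rules relevant here: "not" binds tighter than
# and/or, and/or have equal precedence (left to right), and a bare address
# after an operator reuses the most recent qualifier ("net").
ALIASES = {"!": "not", "&&": "and", "||": "or"}

def matches(expr, src, dst):
    """True if a packet src->dst matches expr, i.e. Snort would inspect it."""
    toks = [ALIASES.get(t, t) for t in expr.split()]
    addrs = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    pos = 0

    def primitive():
        nonlocal pos
        tok = toks[pos]
        pos += 1
        if tok == "not":                 # negation applies to one primitive only
            return not primitive()
        if tok == "net":                 # explicit qualifier, CIDR follows
            tok = toks[pos]
            pos += 1
        net = ipaddress.ip_network(tok)  # bare CIDR: qualifier "net" is implied
        return any(a in net for a in addrs)  # "net" means source OR destination

    result = primitive()
    while pos < len(toks):
        op = toks[pos]
        pos += 1
        if op not in ("and", "or"):
            raise ValueError(f"unsupported token: {op}")
        rhs = primitive()
        result = (result and rhs) if op == "and" else (result or rhs)
    return result

# Constructed sample packets (source, destination)
PACKETS = [
    ("10.10.0.5", "192.0.2.8"),    # from the first excluded network
    ("192.0.2.8", "10.30.0.7"),    # to the second excluded network
    ("10.10.0.5", "10.30.0.7"),    # between the two excluded networks
    ("172.16.1.1", "192.0.2.8"),   # unrelated traffic
]
AS_POSTED = "not net 10.10.0.0/24 || 10.30.0.0/24"
SUGGESTED = "not net 10.10.0.0/24 and not net 10.30.0.0/24"

def seen_by_snort(expr):
    """Packets that pass the filter and therefore can still raise alerts."""
    return [p for p in PACKETS if matches(expr, *p)]
```

Under this model the one-line filter parses as `(not net 10.10.0.0/24) or (net 10.30.0.0/24)`, so every packet touching 10.30.0.0/24 still reaches Snort, while the two-`not` form passes only the unrelated packet.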
