Re: FW: Whitelist IP's?

[Y M <snort () outlook com>]

> From: jmeigs () sunwestecu com
> To: snort-users () lists sourceforge net
> Date: Thu, 10 Jul 2014 16:59:32 +0000
> Subject: [Snort-users] FW:  Whitelist IP's?
>
> Hey Guys I'm still confused on this one. I'm not sure where the Whitelist Repuation processor is? I looked in 
> /etc/snort/ and /netfilter. 
> I'm somewhat new to snort so am I missing something? 
The reputation preprocessor configurations reside in snort.conf, and are usually right above "# Step #6 Configure 
output plugins".
YM
> Thanks,
> -Jeff
>
> -----Original Message-----
> From: waldo kitty [mailto:wkitty42 () windstream net] 
> Sent: Thursday, July 10, 2014 10:12 AM
> To: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Whitelist IP's?
>
> On 7/9/2014 6:33 PM, Y M wrote:
> >  >Putting the IP in the whitelist only whitelists the IP against the blacklist.
> >  >It has no effect on the rest of the engine.
> >
> > Joel,
> >
> > Even when white is set to trust? If I am reading the documentation 
> > correctly, it says "when white means trust, the packet gets bypassed, 
> > without further detection by snort". What does "...without further 
> > detection by snort" mean in this context?
>
> that's exactly what i was thinking of when i originally said "try the reputation processor instead... whitelist the 
> IPs you want to pass on without molestation..."
>
>
> -- 
>   NOTE: No off-list assistance is given without prior approval.
>         Please *keep mailing list traffic on the list* unless
>         private contact is specifically requested and granted.
>
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!