Snort mailing list archives
Re: Whitelist IP's?
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 08 Jul 2014 19:57:48 -0400
On 7/8/2014 7:03 PM, Joel Esler (jesler) wrote:
On Jul 8, 2014, at 3:48 PM, waldo kitty wrote:On 7/8/2014 1:49 PM, Jeff Meigs wrote:Hey Everyone, Trying to whitelist an IP so I don’t receive alerts from it. Do I do this in the threshold.conf? If so whats the proper way to write it?try the reputation processor instead... whitelist the IPs you want to pass on without molestation... http://manual.snort.org/node176.html and here's a link to copy of the README.reputation file... https://github.com/jasonish/snort/blob/master/doc/README.reputationbpf the IP out is the correct answer.
that was my second option ;)
Putting the IP in the whitelist only whitelists the IP against the blacklist. It has no effect on the rest of the engine.
interesting to know... my testing in the past didn't reflect that but it was
limited testing for a specific environment... thanks for the clarification! i
hope the OP has a/the solution for their problem now ;)
--
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Whitelist IP's? Jeff Meigs (Jul 08)
- Re: Whitelist IP's? waldo kitty (Jul 08)
- Re: Whitelist IP's? Joel Esler (jesler) (Jul 08)
- Re: Whitelist IP's? waldo kitty (Jul 08)
- Re: Whitelist IP's? Jeff Meigs (Jul 09)
- Re: Whitelist IP's? Y M (Jul 09)
- Re: Whitelist IP's? waldo kitty (Jul 10)
- FW: Whitelist IP's? Jeff Meigs (Jul 10)
- Re: FW: Whitelist IP's? Y M (Jul 10)
- Re: Whitelist IP's? Joel Esler (jesler) (Jul 08)
- Re: Whitelist IP's? waldo kitty (Jul 08)
- <Possible follow-ups>
- Whitelist IP's? Jeff Meigs (Jul 09)