Snort mailing list archives
Whitelist IP's?
From: Jeff Meigs <jmeigs () sunwestecu com>
Date: Wed, 9 Jul 2014 14:03:48 +0000
Sorry if this is just a silly question, but I'm still confused on this. Reading both of those doesn't help me. I can't even find the Reputation files on the boxes I have Snort running. I don't see it in /etc/snort or any of the subdirectories. I don't see it in the /netfilter either. Am I missing something here? What do you mean BPF the IP? Again, fairly new to Snort so I apologize if the answer is easy but I'm not getting it.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net]
Sent: Tuesday, July 08, 2014 6:01 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Whitelist IP's?

On 7/8/2014 7:03 PM, Joel Esler (jesler) wrote:
> On Jul 8, 2014, at 3:48 PM, waldo kitty wrote:
>> On 7/8/2014 1:49 PM, Jeff Meigs wrote:
>>> Hey Everyone, Trying to whitelist an IP so I don't receive alerts from it. Do I do this in the threshold.conf? If so what's the proper way to write it?
>> try the reputation processor instead... whitelist the IPs you want to pass on without molestation...
>> http://manual.snort.org/node176.html
>> and here's a link to copy of the README.reputation file...
>> https://github.com/jasonish/snort/blob/master/doc/README.reputation
> bpf the IP out is the correct answer.

that was my second option ;)

> Putting the IP in the whitelist only whitelists the IP against the blacklist. It has no effect on the rest of the engine.

interesting to know... my testing in the past didn't reflect that but it was limited testing for a specific environment... thanks for the clarification! i hope the OP has a/the solution for their problem now ;)

--
NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
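Added example, not part of the thread: "bpf the IP out" means giving Snort a BPF capture filter so that packets to or from the address never reach the detection engine. The shell functions below build such a filter from a list of addresses and refuse malformed entries; the function names, the addresses (documentation ranges), the file path and the interface name are all assumptions.

```shell
#!/bin/sh
# Added example: build a BPF expression that keeps listed hosts/networks
# out of Snort's view. Addresses used here are constructed (RFC 5737).

# is_ipv4 ADDR -> 0 if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_bpf_exclude ENTRY... -> prints "not (host A or net B/len ...)"
# Prints nothing and returns 1 if any entry is malformed, so a typo
# cannot silently change which traffic is hidden from the sensor.
build_bpf_exclude() {
    expr_body=""
    for entry in "$@"; do
        case "$entry" in
            */*)
                addr=${entry%/*}; len=${entry#*/}
                case "$len" in ""|*[!0-9]*) return 1 ;; esac
                is_ipv4 "$addr" && [ "$len" -le 32 ] || return 1
                term="net $entry" ;;
            *)
                is_ipv4 "$entry" || return 1
                term="host $entry" ;;
        esac
        expr_body="${expr_body:+$expr_body or }$term"
    done
    [ -n "$expr_body" ] || return 1
    printf 'not (%s)\n' "$expr_body"
}

# Usage (path and interface are assumptions):
#   build_bpf_exclude 192.0.2.10 > /etc/snort/ignore.bpf
#   snort -c /etc/snort/snort.conf -i eth0 -F /etc/snort/ignore.bpf
```

Because the filter discards the traffic before any rule runs, Snort will also miss genuine attacks involving the excluded hosts, so the list is best kept to the few addresses that really need it.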