Snort mailing list archives
R: Alert from Internal Net as Attacker
From: Giuseppe Morici <giuseppe.morici () e-gate it>
Date: Tue, 12 Jan 2016 14:44:55 +0000
Hello,

yes of course, I already did; the home net and external net are configured properly.

Kind regards,
Giuseppe Morici
Help Desk
e-GATE s.r.l.
Uff.: +39 0112306001
Fax: +39 0112309130
Mobile: +39 3280389284
www.e-gate.it
www.e-gate.to.it

The information contained in this e-mail message is attorney privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by telephone or e-mail.

From: Al Lewis (allewi) [mailto:allewi () cisco com]
Sent: Tuesday, 12 January 2016 15:33
To: Giuseppe Morici <giuseppe.morici () e-gate it>; snort-users () lists sourceforge net
Subject: RE: Alert from Internal Net as Attacker

Have you tried adding !10.0.10.100 to your HOME_NET or to the rule for that specific alert?

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Giuseppe Morici [mailto:giuseppe.morici () e-gate it]
Sent: Tuesday, January 12, 2016 8:25 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Alert from Internal Net as Attacker

Hello,

I have a question and hope that someone can give me an answer about it.

Is there a possibility to exclude an alert when the "source" is a range of IPs or aliases?

The IP in the source is an internal net IP (of course it is in the whitelist and in the default list as home net); in fact the alert pops up but the IP doesn't go into the blocked list because it is whitelisted.

Is there a possibility to exclude the alert only if the source is the internal net, without disabling the rules, and let them work for "real" attacks? (This is just to limit the spam in the alert list.)

Thanks for your help.

Kind regards,
Giuseppe Morici
Help Desk
e-GATE s.r.l.
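The effect of the `!10.0.10.100` suggestion in the reply above, as an added example that is not part of the original thread and is not Snort code: a simplified Python model of how a flat Snort-style IP list with negated elements is evaluated. The `10.0.10.0/24` network, the other addresses and the function names are constructed assumptions; only `10.0.10.100` comes from the thread.

```python
import ipaddress

def parse_ip_list(spec):
    """Split a flat Snort-style IP list into (included, excluded) networks."""
    included, excluded = [], []
    for item in spec.strip().strip("[]").split(","):
        item = item.strip()
        if not item:
            continue
        negated = item.startswith("!")
        value = item.lstrip("!")
        if value == "any":
            if negated:
                raise ValueError("'!any' is not a valid element")
            value = "0.0.0.0/0"  # IPv4 only in this simplified model
        net = ipaddress.ip_network(value, strict=False)
        (excluded if negated else included).append(net)
    return included, excluded

def matches(spec, address):
    """True if address is in some non-negated element and in no negated one.

    A list made only of negated elements matches everything except them.
    """
    included, excluded = parse_ip_list(spec)
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in excluded):
        return False
    return not included or any(ip in net for net in included)

# Constructed values; only 10.0.10.100 appears in the thread.
HOME_NET_BEFORE = "[10.0.10.0/24]"
HOME_NET_AFTER = "[10.0.10.0/24,!10.0.10.100]"  # exclusion added to HOME_NET
RULE_SRC_HOST = "!10.0.10.100"                  # exclusion on one rule's source
RULE_SRC_RANGE = "!10.0.10.0/24"                # whole internal range excluded
SOURCES = ["10.0.10.100", "10.0.10.7", "203.0.113.5"]

def alerting_sources(rule_src):
    """Sources from the sample set that a rule with this source field still matches."""
    return [s for s in SOURCES if matches(rule_src, s)]

if __name__ == "__main__":
    for src in (RULE_SRC_HOST, RULE_SRC_RANGE):
        print(f"source {src!r} still matches: {alerting_sources(src)}")
```

Excluding the single host leaves other internal sources matching the rule, while excluding the range silences every internal source for that rule, including a compromised one.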
Current thread:
- Alert from Internal Net as Attacker Giuseppe Morici (Jan 12)
- Re: Alert from Internal Net as Attacker Al Lewis (allewi) (Jan 12)
- R: Alert from Internal Net as Attacker Giuseppe Morici (Jan 12)
- Re: Alert from Internal Net as Attacker Al Lewis (allewi) (Jan 12)
- Re: Alert from Internal Net as Attacker Alan Gao (Jan 12)
- Re: Alert from Internal Net as Attacker Joel Esler (jesler) (Jan 12)
- Re: Alert from Internal Net as Attacker Joel Esler (jesler) (Jan 12)
- R: Alert from Internal Net as Attacker Giuseppe Morici (Jan 12)
- Re: Alert from Internal Net as Attacker Al Lewis (allewi) (Jan 12)