Snort mailing list archives

Re: help with file bpf and ip 0.0.0.0

From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 20 Jan 2016 12:02:59 +0000

I think, if you have ids events from 0.0.0.0, then something is going on worse than the ability to bpf them out.


What is the alert?

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Jan 20, 2016, at 4:47 AM, hernani coelho <hernani_coelho () msn com<mailto:hernani_coelho () msn com>> wrote:

nobody can help me??

On 18-01-2016 10:47, hernani coelho wrote:
hello,

i install snort and work but i receive much alerts from ip 0.0.0.0 , i
put in file BPF this -->

not ( ip host (192.168.1.66 or 0.0.0.0))

for the first ip it work but for ip 0.0.0.0 no work i receive much
alerts.

what can i do to ignore alerts from ip 0.0.0.0

can someone help me??

thanks

hernani


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: help with file bpf and ip 0.0.0.0, (continued)
- - - Re: help with file bpf and ip 0.0.0.0 wkitty42 (Jan 20)
    - Re: help with file bpf and ip 0.0.0.0 Al Lewis (allewi) (Jan 20)
    - Re: help with file bpf and ip 0.0.0.0 wkitty42 (Jan 20)
    - Re: help with file bpf and ip 0.0.0.0 hernani coelho (Jan 20)
    - Re: help with file bpf and ip 0.0.0.0 Joel Esler (jesler) (Jan 20)
    - Re: help with file bpf and ip 0.0.0.0 hernani coelho (Jan 21)
    - Re: help with file bpf and ip 0.0.0.0 hernani coelho (Jan 21)
    - Re: help with file bpf and ip 0.0.0.0 Joel Esler (jesler) (Jan 21)
    - Re: help with file bpf and ip 0.0.0.0 hernani coelho (Feb 12)
    - Re: help with file bpf and ip 0.0.0.0 Al Lewis (allewi) (Feb 12)
  - Re: help with file bpf and ip 0.0.0.0 Joel Esler (jesler) (Jan 20)