Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Stream preprocessor 3WHS port suppression

From: Andrea Venturoli <ml () netfence it>
Date: Thu, 7 Jul 2016 13:27:01 +0200
On 07/07/16 12:20, Rafael Paris wrote:

Hello.
With threshold.conf you can ignore completely that signature by ip_src
or ip_dst.


I know (although I thought it was deprecated in favour of an equivalent 
"suppress" rule).




I don't think there's an option to ignore the ports as well.


Is there a reason behind that?
I mean, would it be sensible to support filtering by port or would that 
be illogical for whatever reason I'm not aware of?



  bye & Thanks
        av.

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: