Snort mailing list archives
Re: Stream preprocessor 3WHS port suppression
From: Andrea Venturoli <ml () netfence it>
Date: Thu, 7 Jul 2016 13:27:01 +0200
On 07/07/16 12:20, Rafael Paris wrote:
Hello. With threshold.conf you can ignore completely that signature by ip_src or ip_dst.
I know (although I thought it was deprecated in favour of an equivalent "suppress" rule).
I don't think there's an option to ignore the ports as well.
Is there a reason behind that? I mean, would it be sensible to support filtering by port or would that be illogical for whatever reason I'm not aware of? bye & Thanks av. ------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Stream preprocessor 3WHS port suppression Andrea Venturoli (Jul 07)
- Message not available
- Re: Stream preprocessor 3WHS port suppression Andrea Venturoli (Jul 07)
- Re: Stream preprocessor 3WHS port suppression Andrea Venturoli (Jul 13)
- Re: Stream preprocessor 3WHS port suppression wkitty42 (Jul 13)
- Re: Stream preprocessor 3WHS port suppression Andrea Venturoli (Jul 07)
- Message not available