Re: [Snort-users] Customizing snort rules
This is a discussion on Re: [Snort-users] Customizing snort rules within the Snort forums, part of the System Security and Security Related category; Hm, if you take a look at those rules you may notice the data flow described by the rule is (...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-06-2004
|
|||
|
|||
Re: [Snort-users] Customizing snort rules
Hm,
if you take a look at those rules you may notice the data flow described by the rule is (except for the rules id 1415 and 1416) in this form: EXTERNAL_NET -> HOME_NET (...) There is no reason for snort to trigger otherwise as described. So you may want to check your configuration vars again. Otherwise check the FAQ for the possibility how to blend out specific hosts from being seen by Snort or how to write special pass-Rules respectively. Regards, Edin simonkc@netsol.co.in schrieb: > Hi Edin, > > I have properly defined the HOME_NET and EXTERNAL_NET variables?? > The rules that are getting triggered are SNMP rules.i.e. whenever our NMS > management server polls some devices,the rule triggers. > I want to be able to disable these triggers for some specific IP hosts. The > SNMP rule should not be disabled and continue to look for SNMP traffic. > > > Thanks and Regards > > Simon ..... -- Edin Dizdarevic ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
