Re: [Snort-users] Customizing snort rules
This is a discussion on Re: [Snort-users] Customizing snort rules within the Snort forums, part of the System Security and Security Related category; --On 06 April 2004 14:29 +0530 simonkc@netsol.co.in wrote: > Hi, > > Can anyone point me ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-06-2004
|
|||
|
|||
Re: [Snort-users] Customizing snort rules
--On 06 April 2004 14:29 +0530 simonkc@netsol.co.in wrote: > Hi, > > Can anyone point me in the direction of any document explaining how to > customize snort rules. > I have a situation wherein the Snort IDS is alerting even for normal SNMP > requests and traps. How do it disable these alerts for only specific SNMP > management stations but keep the SNMP rule turned on?? Something like this: var SNMP_MGMT_STATIONS [10.1.1.2/32,192.168.31.5/32,10.10.10.0/24] [...] comment out the affected rules and copy them, replacing the source mask (probably $EXTERNAL_NET) with !SNMP_MGMT_STATIONS (i.e. anything but your designated SNMP management stations). > Thanks and Regards > Simon HTH, Alex. -- Alex Butcher: Security & Integrity, Personal Computer Systems Group Information Systems and Computing GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9 ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
