Re: [Snort-users] [RGSPAM] Re: [RGSPAM] exclude ip

Use a BPF filter. When you start Snort, add in a filter at the command line (or put it in a file and use the -F <filterfile> switch at the command line). For example:

    snort -c snort.conf not host 1.2.3.4

Try that.

-Marty

On Jul 10, 2006, at 10:07 AM, Al McGale wrote:

> I've looked over the user guide, but I'm obviously not looking in
> the right spot. In my environment there are some sensors that will
> see traffic from multiple scanning stations. I've been adding the
> scanners to the threshold.conf one by one for each rule they hit,
> but I would much prefer to eliminate the scanner's IP addresses
> completely for all rules.
>
> Can someone point me in the right direction on this?
>
> On 7/7/06, Lee Clemens <snort@leeclemens.net> wrote:
> If you want to exclude it for one rule (or a few), just put it in
> threshold.conf. Check out the user's guide for syntax...
>
> -----Original Message-----
> From: snort-users-bounces@lists.sourceforge.net
> [mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of Joel Esler
> Sent: Friday, July 07, 2006 8:05 AM
> To: fname lname
> Cc: snort-users@lists.sourceforge.net
> Subject: Re: [Snort-users] [RGSPAM] exclude ip
>
> Can you place it in 'EXTERNAL_NET'?
>
> J
>
> On Wed, Jul 05, 2006 at 05:08:45PM -0400, fname lname sent me:
> > If I wanted to exclude an ip from the ids how will I go about doing that.
> > Ex is I wanted to exclude 1.2.3.4 from an smtp rule how can I make that
> > happen?
>
> +----------------------------------------------------------------------+
> Joel Esler          Senior Security Consultant          1-706-627-2101
> Sourcefire   Security for the /Real/ World -- http://www.sourcefire.com
> Snort - Open Source Network IPS/IDS -- http://www.snort.org
> GPG Key http://demo.sourcefire.com/jesler.pgp.key
> +----------------------------------------------------------------------+

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
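
The filter-file approach from the reply above, extended to several scanning stations, as an added example that is not part of the original thread or of Snort itself. It validates a list of scanner addresses and emits one BPF expression suitable for a file passed with -F. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a Snort BPF exclusion filter from a scanner list.
# Addresses are constructed samples (RFC 5737 documentation range).

# is_ipv4 ADDR: succeed only for a dotted quad with octets in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_bpf_filter: read addresses on stdin (one per line; '#' comments and
# blank lines allowed) and print one BPF expression excluding all of them.
# Any invalid entry aborts with status 1 so a typo never yields a partial filter.
build_bpf_filter() {
    hosts=""; seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$addr" ] || continue
        if ! is_ipv4 "$addr"; then
            echo "invalid address: $addr" >&2
            return 1
        fi
        case "$seen" in *" $addr "*) continue ;; esac   # skip duplicates
        seen="$seen$addr "
        hosts="${hosts:+$hosts or }host $addr"
    done
    [ -n "$hosts" ] || { echo "no addresses given" >&2; return 1; }
    printf 'not (%s)\n' "$hosts"
}

# Constructed scanner list; in practice this would be a file kept with the sensor config.
sample_scanners() {
    cat <<'EOF'
# vulnerability scanners
192.0.2.10
192.0.2.11   # second scanning station
192.0.2.10
EOF
}
filter=$(sample_scanners | build_bpf_filter)
printf '%s\n' "$filter"
```

Redirect the output to a file and start Snort with `snort -c snort.conf -F <filterfile>`; keeping the expression in a file also avoids shell quoting of the parentheses. Packets matching the filter are dropped before Snort inspects them, so no rule fires for those hosts in either direction.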