Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Block host

From: Jens Krabbenhoeft <tschenz-snort-users () noris net>
Date: Tue, 5 Nov 2002 13:38:00 +0100
Paul,


scans, the stream4 preprocessor always detect the scans and log them.  Is
there anyway I can configure snort to ignore that host altogether?  I have


Just use a BPF filter (see
http://www.theadamsfamily.net/~erek/snort/ignore.txt and man tcpdump for
details).

Perhaps you might want to have a look at the snort-users lists archive
(http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=BPF&q=b).

In your case, the BPF expression would just be "not host
aaa.bbb.ccc.ddd".

HTH,

        Jens


-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: