Snort mailing list archives
Re: *NEWBIE* Excluding Proxy Traffic from Snort?
From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 14 Nov 2002 06:02:10 -0800 (PST)
On Thu, 14 Nov 2002, Matthew Gavin wrote:
Hi all, I'm new to Snort... still trying to work my way through the excellent documentation. I was hoping for an answer to a really simple question... I want to exclude any internal traffic hitting my Proxy from, my alert log... I am being barraged with the following every second... it's legit, and useless to me:
[...snip...] For two basic ways to ignore traffic, check out this [0] info.
var HOME_NET 203.xx.xx.0/24 var EXTERNAL_NET any
But the real answer: Change EXTERNAL_NET to !$HOME_NET . That ignores anything on the internal networks where 'any' looks at it as well. Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net [0] http://www.theadamsfamily.net/~erek/snort/ignore.txt ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- *NEWBIE* Excluding Proxy Traffic from Snort? Matthew Gavin (Nov 13)
- Re: *NEWBIE* Excluding Proxy Traffic from Snort? Erek Adams (Nov 14)
- <Possible follow-ups>
- RE: *NEWBIE* Excluding Proxy Traffic from Snort? McCammon, Keith (Nov 14)