Snort mailing list archives
RE: Ignorehosts still not working...
From: "Don" <Don () WeberOnTheWeb com>
Date: Thu, 19 Dec 2002 15:31:24 -0800
isn't IGNOREHOSTS a whitespace delimited entry? shouldnt you try preprocessor portscan-ignorehosts: 207.108.40.xx/32 207.108.40.xxx/32
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Christopher Robert Cook Sent: Thursday, December 19, 2002 10:05 AM To: Marc Quibell Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Ignorehosts still not working... try inputting the DNS servers directly into the ignore hosts field (with the CIDR notation) CC Marc Quibell wrote:My snort cmd line is: /usr/local/bin/snort -o -q -i eth1 -c/usr/local/demarc/conf/snorteth1.confMy snorteth1.conf is as follows: var HOME_NET any var EXTERNAL_NET any var SMTP $HOME_NET var HTTP_SERVERS $HOME_NET var SQL_SERVERS $HOME_NET #var DNS_SERVERS $HOME_NET var DNS_SERVERS [207.108.40.xx,207.108.40.xxx] var HTTP_PORTS 80 var ORACLE_PORTS 1521 preprocessor defrag preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384 preprocessor unidecode: 80 preprocessor rpc_decode: 111 preprocessor bo: -nobrute preprocessor telnet_decode preprocessor portscan: $HOME_NET 4 3 portscan.log preprocessor portscan-ignorehosts: $DNS_SERVERS preprocessor stream4: detect_scans, disable_evasion_alerts output database: log, mysql, user=snort_ike dbname=snortmasterpassword=ikeacc3ss host=192.168.45.111 sensor_name=ike.fbfs.com #BEGIN RULES: I cannot get it to ignore those two hosts. Suggestions? THanks. Marc ------------------------------------------------------- This SF.NET email is sponsored by: Geek Gift Procrastinating? Get the perfect geek gift now! Before the Holidays pass you by. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------- This SF.NET email is sponsored by: Geek Gift Procrastinating? Get the perfect geek gift now! Before the Holidays pass you by. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.NET email is sponsored by: Geek Gift Procrastinating? Get the perfect geek gift now! Before the Holidays pass you by. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Ignorehosts still not working... Marc Quibell (Dec 19)
- Re: Ignorehosts still not working... Christopher Robert Cook (Dec 19)
- RE: Ignorehosts still not working... Don (Dec 19)
- <Possible follow-ups>
- RE: Ignorehosts still not working... Hicks, John (Dec 19)
- Re: Ignorehosts still not working... Marc Quibell (Dec 19)
- Re: Ignorehosts still not working... Christopher Robert Cook (Dec 19)