Snort mailing list archives
Re: Ignore Host
From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Tue, 15 Oct 2002 06:31:00 -0700
Ok, you have two basic options on ignoring hosts: BPF Filters Pass Rules <snip> Here is a basic example of how-to ignore a host with for each method. Are they perfect? No. Want to improve and/or correct them? Sure! Feel free! To ignore ICMP ECHO-REQUESTS (pings) and ICMP-ECHO REPLY's (ping reply) from host <foo> using BPF: not ( (icmp[0] = 8 or icmp[0] = 0) and host <foo> ) To ignore ALL ICMP traffic from host <foo> using a pass rule: pass icmp <foo> any -> $HOME_NET any And you _MUST_ start snort with the '-o' parameter for the pass rule to work correctly. <snip> this is taken from: http://www.theadamsfamily.net/~erek/snort/ignore.txt John Maestrale wrote:
How do I ignore a specific host.. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- The secret to success is to start from scratch and keep on scratching. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Ignore Host John Maestrale (Oct 14)
- Re: Ignore Host Alberto Gonzalez (Oct 15)