RE: VPN and UDP alerts

["Slighter, Tim" <tslighter () itc nrcs usda gov>]

if ya do this...don't forget to declare a value for $VPN-NET in snort.conf

var VPN-NET x.x.x.x

-----Original Message-----
From: Neil Dickey [mailto:neil () geol niu edu]
Sent: Friday, April 25, 2003 11:51 AM
To: allan () redwoods ca
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] VPN and UDP alerts



"Allan Dover" <allan () redwoods ca> wrote asking:

> Is there a way to not alert or log UDP:500 as source ?  Would I make a rule
> to do this ?  I havent ventured into rule making as of yet.

A "pass" rule in 'local.rules' would probably do the trick.  Something
like ...

  pass udp $VPN-NET 500 <> $HOME_NET any

... would probably do it.  Then restart Snort, and make sure you're
using the '-o' rule on the command line.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users