Snort mailing list archives
RE: VPN and UDP alerts
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 25 Apr 2003 12:25:00 -0600
if ya do this...don't forget to declare a value for $VPN-NET in snort.conf var VPN-NET x.x.x.x -----Original Message----- From: Neil Dickey [mailto:neil () geol niu edu] Sent: Friday, April 25, 2003 11:51 AM To: allan () redwoods ca Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] VPN and UDP alerts "Allan Dover" <allan () redwoods ca> wrote asking:
Is there a way to not alert or log UDP:500 as source ? Would I make a rule to do this ? I havent ventured into rule making as of yet.
A "pass" rule in 'local.rules' would probably do the trick. Something like ... pass udp $VPN-NET 500 <> $HOME_NET any ... would probably do it. Then restart Snort, and make sure you're using the '-o' rule on the command line. Best regards, Neil Dickey, Ph.D. Research Associate/Sysop Geology Department Northern Illinois University DeKalb, Illinois 60115 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: VPN and UDP alerts, (continued)
- Re: VPN and UDP alerts Neil Dickey (Apr 25)
- Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Frank Knobbe (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Matt Kettler (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Matt Kettler (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 02)
- Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Frank Knobbe (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 02)
- Re: VPN and UDP alerts Neil Dickey (Apr 25)
- Re: VPN and UDP alerts Allan Dover (Apr 28)
- Re: VPN and UDP alerts Allan Dover (Apr 29)