Snort mailing list archives

Re: HOWTO Ignore specific IP addresses

From: Dragos Ruiu <dr () kyx net>
Date: Tue, 13 May 2003 16:38:15 -0700


cd snort; cd doc; less FAQ; echo "yay!"


On May 13, 2003 09:38 am, Michael Parkinson wrote:

Hi All,

OK slowly going brain dead here.

Current set-up is two web servers attached to a SNAZ NFS server.

When I kick Snort into action it works fine BUT I get literally hundreds of
false positives :

BAD TRAFFIC bad frag bits
MISC Large UDP Packet

A simple solution is to tell Snort to ignore this server
completely....Simply put how do I get Snort to ignore this machine
completely?

All help appreciated.

With thanks

Mike

====================================================
http://www.ishop.co.uk/
Build on-line.
Buy online.
The only UK based complete e-commerce package.
====================================================
Michael Parkinson BSc.(Hons)
Technical Director
Intellnet Limited
5 Priors
London Road
Bishops Stortford
Herts
CM23 5ED
====================================================
Phone       : 01279 602800
DDI         : 01279 602805
Fax         : 01279 600815
Mobile        :       07770 380511
ICQ No.       :       47666166
E-mail        :       michael () intellnet net uk
                    michael () parkinson co uk
URL         :    http://www.intellnet.net.uk/
                    http://www.ishop.co.uk/
====================================================



-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
pgpkey http://dragos.com/ kyxpgp


-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

HOWTO Ignore specific IP addresses Michael Parkinson (May 13)
- Re: HOWTO Ignore specific IP addresses Demetri Mouratis (May 13)
- Re: HOWTO Ignore specific IP addresses Edin Dizdarevic (May 13)
- Re: HOWTO Ignore specific IP addresses Dragos Ruiu (May 13)
- <Possible follow-ups>
- RE: HOWTO Ignore specific IP addresses Steven Rudolph (May 13)