Snort mailing list archives

(no subject)


From: <wfz () ciudad com ar>
Date: Fri, 05 Dec 2003 11:28:36 -0300

Does someone know if it is possible to configure the stream4 preprocessor to ignore one single host?
I'm receiving alerts for a kind of traffic I know is legal, and I want to filter them.
I've generated a rule and 'include'd it into the snort.conf file as permitted.rules:

pass tcp 'source_ip' 721 -> 'dest_ip' 515

but I still receive the alarms.
I also added:

preprocessor portscan-ignorehosts <source_ip>

but still receive alarms from spp_portscan with that source ip address.
Can someone point me in the right direction?

Rgds.