Snort mailing list archives
Re: Blocking specific port or IP address
From: Steve Suppe <suppe2 () llnl gov>
Date: Mon, 21 Jun 2004 13:49:40 -0700
I'd recommend using a Berkeley Packet Filter - this will block Snort from ever seeing the packets.
BPFs are specified on the command line, such as./snort -c /etc/snort.conf <other snort switches you want> not port 35 and not host x.x.x.x
Just google for more tricks for syntax, but what this does is drop the specified packets before Snort ever sees them at all. Hope that's what you're looking for.
Steve Alina Lebrato wrote:
Is there a way to block Snort from capturing traffic to a specific IP address or TCP port. I have some valid traffic that I want to "rem" out. Thanks in advance for the replies.Alina Lebrato Guilford County Information Services Chief Security Officer (336) 641-7716 Phone (336) 641-4504 Fax alebrat () co guilford nc us <mailto:alebrat () co guilford nc us>E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized county official. If you have received this communication in error , please do not distribute it. Please notify the sender by E-mail at the address shown and delete the original message.Thank you ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training.Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
-- Respectfully, %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Steve Suppe Computer Scientist/Incident Responder Computer Incident Advisory Capability Phone: (925) 422-4528 Fax: (925) 423-8002 email: suppe2 () llnl gov CIAC Hotline: (925) 422-8193 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training.Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Blocking specific port or IP address Alina Lebrato (Jun 21)
- Re: Blocking specific port or IP address sekure (Jun 21)
- Re: Blocking specific port or IP address Eric Hines (Jun 21)
- Re: Blocking specific port or IP address Steve Suppe (Jun 22)