Snort mailing list archives
snort exception
From: "Endre Szekely-Bencedi" <Endre.Szekely-Bencedi () hu-tcs com>
Date: Tue, 23 Nov 2004 16:55:33 +0100
Hi All, My question is the following: My default snort config includes alerts for certain SNMP packets. Now, if I have an external (not on home_net) address that is collecting data for MRTG from my router, what can I do so it won't appear in the alerts? If possible I wouldn't add the whole IP address to a 'trusted' list or however it is done.. just to let snort know that it is legitly getting data from the SNMP of the router. That is a corporate machine and I don't even know where it is physically, so I do handle the corporate network as potentially 'hostile', but there is a lot of legitimate traffic (too) between our subnet and corporate network (all over the world). Greetings, Endre Szekely-Bencedi "THIS E-MAIL MESSAGE ALONG WITH ANY ATTACHMENTS IS INTENDED ONLY FOR THE ADDRESSEE and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are notified that any dissemination, distribution or copy of this communication is strictly prohibited. If you have received this message by error, please notify us immediately, return the original mail to the sender and delete the message from your system." ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort exception Endre Szekely-Bencedi (Nov 23)
- Re: snort exception Matt Kettler (Nov 23)