snort exception

["Endre Szekely-Bencedi" <Endre.Szekely-Bencedi () hu-tcs com>]

Hi All,

My question is the following:
My default snort config includes alerts for certain SNMP packets.
Now, if I have an external (not on home_net) address that is collecting
data for MRTG from my router, what can I do so it won't appear in the
alerts?

If possible I wouldn't add the whole IP address to a 'trusted' list or
however it is done.. just to let snort know that it is legitly getting data
from the SNMP of the router. That is a corporate machine and I don't even
know where it is physically, so I do handle the corporate network as
potentially 'hostile', but there is a lot of legitimate traffic (too)
between our subnet and corporate network (all over the world).

Greetings,
Endre Szekely-Bencedi

"THIS E-MAIL MESSAGE ALONG WITH ANY ATTACHMENTS IS INTENDED ONLY FOR THE
ADDRESSEE and may contain confidential and privileged information. If the
reader of this message is not the intended recipient, you are notified that
any dissemination, distribution or copy of this communication is strictly
prohibited. If you have received this message by error, please notify us
immediately, return the original mail to the sender and delete the message
from your system."



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users