Re: Suppressing Source Messages from $HOME_NET

["Steve Brown" <Steve.Brown () ddpky com>]

What is the synthax or way to suppress all source addresses within
$HOME_NET and/or a range of addresses within the same suppress
statement?  I have $HOME_NET set to "var HOME_NET [x.x.x.1,x.x.x.255]"
and "var EXTERNAL_NET !$HOME_NET."  

 

I've tried the following without luck:

suppress gen_id 1, sig_id 1387, track by_src, ip $HOME_NET 

suppress gen_id 1, sig_id 1387, track by_src, ip [x.x.x.1,x.x.x.255]

suppress gen_id 1, sig_id 1387, track by_src, ip $INTERNAL 

Note: The $INTERNAL variable was a custom variable I created with the
same address range as $HOME_NET.  It was created in the snort.conf file.

 

 

Steve Brown

Systems Analyst

Delta Dental Plan of Kentucky

(502) 736-4646

Steve.Brown () ddpky com