Snort mailing list archives

Re: New Suppress


From: JJ Cummings <cummingsj () gmail com>
Date: Thu, 24 Sep 2009 09:53:30 -0400

BPF would also be a good option...

Sent from the iRoad

On Sep 24, 2009, at 9:29, Jason Wallace <jason.r.wallace () gmail com> wrote:

I would like to suppress all alerts from our external vulnerability
scanning service. Their scans can come from numerous IP ranges.

The README.filters states that for "suppress" "Multiple suppress
commands may be defined for a given gid, sid"

I know in the past you could only have one suppress gen_id 0, sig_id 0
statement in threshold.conf. Has this changed now? I'd like to do...

suppress gen_id 0, sig_id 0, track by_src, ip x.x.x.x/24
suppress gen_id 0, sig_id 0, track by_src, ip y.y.y.y/24

and so on.

It also states that a list of IPs can be used. Is this just a single
CIDR or can you have multiple CIDR/individual IPs on one suppress
statement now? If so, what is the correct format to use?


Thx,
Wally

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
