Snort mailing list archives
Re: New Suppress
From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Thu, 24 Sep 2009 09:07:04 -0500
Quoting Jason Wallace <jason.r.wallace () gmail com>:
I would like to suppress all alerts from our external vulnerability scanning service. Their scans can come from numerous IP ranges.
I use PASS rules for that. The problem with suppress is that the test packets pass through the rule base and get inspected, then get ignored. The PASS rule fires first and ends the analysis. jp -- Framework? I don't need no stinking framework! ---------------------------------------------------------------- @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- New Suppress Jason Wallace (Sep 24)
- Re: New Suppress JJ Cummings (Sep 24)
- Re: New Suppress rcombs (Sep 24)
- Re: New Suppress Jack Pepper (Sep 24)
- Re: New Suppress Jason Brvenik (Sep 24)
- Re: New Suppress JJ Cummings (Sep 24)