[Snort-sigs] snort whitelist
cgibbons at ...1299...
Thu Mar 25 11:13:01 EST 2004
I have difficulty using BPF filters with traffic that is 802.1q
vlan-tagged. I have found it more effective to construct custom, careful
"pass" rules and run snort with its -o option.
- Carl Gibbons GCIA, Network Security Engineer, University of Denver
frank at ...2338... wrote:
>MEGA Hospedagem <snort at ...2336...>:
>>is it possible to set snort to don't even analyze packets from certain
>Yes, you can do this by passing a BPF-Filter on startup.
>$ snort src not 192.168.1.1 and dst not 192.168.1.1
More information about the Snort-sigs