[Snort-sigs] snort whitelist

Carl Gibbons cgibbons at ...1299...
Thu Mar 25 11:13:01 EST 2004


I have difficulty using BPF filters with traffic that is 802.1q

vlan-tagged. I have found it more effective to construct custom, careful 
"pass" rules and run snort with its -o option.

- Carl Gibbons GCIA, Network Security Engineer, University of Denver

frank at ...2338... wrote:

>MEGA Hospedagem <snort at ...2336...>:
>  
>
>>is it possible to set snort to don't even analyze packets from certain
>>IP?
>>    
>>
>
>Yes, you can do this by passing a BPF-Filter on startup.
>
>eg. 
>$ snort src not 192.168.1.1 and dst not 192.168.1.1
>
>HTH Frank





More information about the Snort-sigs mailing list