[Snort-sigs] Suppressing both SRC AND DST in threshold.conf?

Eric Hines eric.hines at ...1663...
Fri Jul 14 11:28:00 EDT 2006


All,

Is it possible to create a suppression line that specifies a match for 
BOTH SRC AND DST? And if it is allowed, what would the proper syntax be? 
The threshold.conf comments only offer examples for using SRC or DST.

E.g.

suppress gen_id 1, sig_id 2002749, track by_src, ip 0.0.0.0,track by_dst,ip 255.255.255.255

Snort doesn't seem to be complaining when I do this..

-- 

Best Regards,

Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC

