[Snort-users] Ignore some ip's

LaraCroft laracroft at ...2400...
Wed Jun 27 04:06:51 EDT 2001


Hello:

I have installed a snort in a linux-firewall, my network is:

internet -> firewalll & snort -> internet servers


In my snort log appears many entries of source conexions from my 
internet servers. I don't want this, i want that snort ignore the 
conexions from  my internet servers to another sites.

How can i do this? i have put this in my snort.conf:

var DNS_SERVERS [ip_primary_dns_server/32,ip_secundary_dns_server/32]

preprocessor portscan-ignorehosts: $DNS_SERVERS

but in my snort log there is already many entries from dns_servers.

any ideas?

LaraCroft





More information about the Snort-users mailing list