[Snort-users] IP Question Part 2

Wirth, Jeff WirthJe at ...4876...
Thu Aug 8 07:24:05 EDT 2002


From: Jim Gifford [mailto:maillist at ...6454...]
> 
> My original question was how can I prevent my companies VPN 
> server showing
> up
> in snort?
> 
> I have added the rule
> pass tcp (inet_ip) any <> (vpn_ip) any
> 
> But I still get the following message from snort.
> " spp_stream4: TTL EVASION (reassemble) detection"
> 

Drop packets to/from "vpn-ip" before they hit the Snort engine using BPF....

	./snort <snort options> not host (vpn-ip)

Check the Snort Users Manual or the FAQs (
http://www.snort.org/docs/faq.html#3.7 ) from more information..

- Jeff




More information about the Snort-users mailing list