[Snort-users] IP Question Part 2
WirthJe at ...4876...
Thu Aug 8 07:24:05 EDT 2002
From: Jim Gifford [mailto:maillist at ...6454...]
> My original question was how can I prevent my companies VPN
> server showing
> in snort?
> I have added the rule
> pass tcp (inet_ip) any <> (vpn_ip) any
> But I still get the following message from snort.
> " spp_stream4: TTL EVASION (reassemble) detection"
Drop packets to/from "vpn-ip" before they hit the Snort engine using BPF....
./snort <snort options> not host (vpn-ip)
Check the Snort Users Manual or the FAQs (
http://www.snort.org/docs/faq.html#3.7 ) from more information..
More information about the Snort-users