[Snort-users] Snort pass rules question

Pietersma, Kevin (CA - Toronto) kpietersma at ...626...
Mon Aug 12 18:25:03 EDT 2002



-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



- From the SNORT FAQ (http://www.snort.org/docs/faq.html)

3.7 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--

Q: How do I ignore traffic coming from a particular host or hosts?



A: Write pass rules and add the host(s) to the portscan-ignorehosts

list.

   Call Snort with the -o option to activate the pass rules.

   See http://www.snort.org/docs/writing_rules/ for more information.



A: Use bpf on the commandline to ignore a host (for example):



       $ snort  not host 192.168.0.1





Cheers,

Kev Pietersma



- -----Original Message-----

From: snort-users-admin at lists.sourceforge.net

[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Eric Joe

Sent: Monday, August 12, 2002 3:43 PM

To: snort-users at lists.sourceforge.net

Subject: [Snort-users] Snort pass rules question





Hello,

I am trying to get snort to ignore SNMP requests from a machine

running

MRTG to my router. I haveinclude $RULE_PATH/local.rules

at the end of my snort.conf file and I have the following rule in my

local.rules file:

pass udp 192.168.1.3 any -> 192.168.1.1 161



Is my syntax correct? Do I have to use the -o switch to get it to use

the

local.rules?

Thanks





- -- 

Eric Joe

Network Operations

Journey's End Internet/Computer Connection Inc









- -------------------------------------------------------

This sf.net email is sponsored by: Dice - The leading online job

board

for high-tech professionals. Search and apply for tech jobs today!

http://seeker.dice.com/seeker.epl?rel_code=31

_______________________________________________

Snort-users mailing list

Snort-users at lists.sourceforge.net

Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users



-----BEGIN PGP SIGNATURE-----

Version: PGP 7.1



iQA/AwUBPVghJWcZhd/EblG8EQIINACeKeXYhi+zIciV809QURCvZg8LVoAAoJPO

l2qmeUudOW1sdSN2sQoO6z8m

=1hT3

-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020812/d3cb73a6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGPexch.htm.asc
Type: application/octet-stream
Size: 1959 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020812/d3cb73a6/attachment.obj>


More information about the Snort-users mailing list