[Snort-users] Ignorehosts still not working...

Hicks, John JHicks at ...5857...
Thu Dec 19 08:30:09 EST 2002


add /32 for CIDR notation?
var DNS_SERVERS [207.108.40.xxx/32,207.108.40.xxx/32]

hth,
John

-----Original Message-----
From: Marc Quibell [mailto:mquibell at ...7759...]
Sent: Thursday, December 19, 2002 10:07 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Ignorehosts still not working...




My snort cmd line is:
 /usr/local/bin/snort -o -q -i eth1  -c
/usr/local/demarc/conf/snorteth1.conf

My snorteth1.conf is as follows:
var HOME_NET any
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
#var DNS_SERVERS $HOME_NET
var DNS_SERVERS [207.108.40.xx,207.108.40.xxx]
var HTTP_PORTS 80
var ORACLE_PORTS 1521

preprocessor defrag
preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384
preprocessor unidecode: 80
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
preprocessor stream4: detect_scans, disable_evasion_alerts

output database: log, mysql, user=snort_ike dbname=snortmaster
password=ikeacc3s
s host=192.168.45.111 sensor_name=ike.fbfs.com


#BEGIN RULES:

I cannot get it to ignore those two hosts. Suggestions?

THanks.

Marc




-------------------------------------------------------
This SF.NET email is sponsored by: Geek Gift Procrastinating?
Get the perfect geek gift now!  Before the Holidays pass you by.
T H I N K G E E K . C O M      http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list