[Snort-users] Problems ignoring a host

Peter Sundstrom peter at ...4950...
Mon Feb 11 17:50:02 EST 2002


I'm trying to ignore alerts triggered by our scanner without any luck.

I've read through the doco and FAQ, and seem to have everything that is required, but obviously, I'm still missing something.

I'm running snort 1.8.3 on Solaris 2.6.  It gets started with:

snort -bdD -o -c /usr/local/etc/snort.conf

Note, that I have the -o flag to change the rule processing order.

In snort.conf, I have include local.rules in the rulesets.  I tried changing the order of the rulesets, without any difference.

In local.rules I have:

pass IP 192.168.1.25/32 any -> any any
pass TCP 192.168.1.25/32 any -> any any
pass ICMP 192.168.1.25/32 any -> any any
pass UDP 192.168.1.25/32 any -> any any

What am I missing?





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020211/7e2a39be/attachment.html>


More information about the Snort-users mailing list