[Snort-users] Snort 1.8.7b6 not listen to BPF filters

Michael Boman michael.boman at ...4162...
Thu Jul 18 06:47:09 EDT 2002


Hi,

I have some issues with Snort and I was hoping you could give me some help.

I have tried to make Snort ignore traffic from a specific address (namely the 
vuln-scan server) without much luck. I have tried:

/usr/bin/snort -D -U -o -i eth1 -c /etc/snort_eth1/snort.conf -z not host x.x.x.x

and

/usr/bin/snort -D -U -o -i eth1 -c /etc/snort_eth1/snort.conf -F /etc/snort_eth1/ignore.bpf -z

where content of 'ignore.bpf' is:
not host x.x.x.x

Of course, x.x.x.x is the real IP address of the vuln-scan server...

Any ideas what could be wrong?

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com