[Snort-users] Snort 1.8.7b6 not listen to BPF filters
michael.boman at ...4162...
Thu Jul 18 06:47:09 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
I have some issues with Snort and I was hoping you could give me some help.
I have tried to make Snort ignore traffic from a specific address (namely the
vuln-scan server) without much luck. I have tried:
/usr/bin/snort -D -U -o -i eth1 -c /etc/snort_eth1/snort.conf -z not host
usr/bin/snort -D -U -o -i eth1 -c /etc/snort_eth1/snort.conf -F
where content of 'ignore.bpf' is:
not host x.x.x.x
Of course, x.x.x.x is the real IP address of the vuln-scan server...
Any ideas what could be wrong?
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the Snort-users