[Snort-users] Excluding $HOME_NET -> $HOME_NET Alerts

Ed Kasky ed at ...3483...
Sun May 19 19:01:02 EDT 2002


Is there a way to disable certain alerts from any home_net host to another 
home_net host?  I back up my web server over the wire to a tape machine and 
get flooded with "Shellcode X86 Noop" alerts whenever I run it.  I also get 
a lot of "WEB-MISC long basic authorization string" alerts using acid to 
view alerts in a mysql database.

I was under the impression that "alert ip $EXTERNAL_NET any -> $HOME_NET" 
took care of this.

 From my snort.conf:
var HOME_NET 10.0.0.0/24

I use 10.0.0.1 through 25 on the home_net.

Any suggestions are greatly appreciated...

Thanks in advance.

Ed
~~
Ed Kasky
Los Angeles, CA
. . . . . . . .
A professional is a person who can do his best at a time when
he doesn't particularly feel like it.
         ~~ Alistair Cooke





More information about the Snort-users mailing list