[Snort-users] Excluding $HOME_NET -> $HOME_NET Alerts
ed at ...3483...
Sun May 19 19:01:02 EDT 2002
Is there a way to disable certain alerts from any home_net host to another
home_net host? I back up my web server over the wire to a tape machine and
get flooded with "Shellcode X86 Noop" alerts whenever I run it. I also get
a lot of "WEB-MISC long basic authorization string" alerts using acid to
view alerts in a mysql database.
I was under the impression that "alert ip $EXTERNAL_NET any -> $HOME_NET"
took care of this.
From my snort.conf:
var HOME_NET 10.0.0.0/24
I use 10.0.0.1 through 25 on the home_net.
Any suggestions are greatly appreciated...
Thanks in advance.
Los Angeles, CA
. . . . . . . .
A professional is a person who can do his best at a time when
he doesn't particularly feel like it.
~~ Alistair Cooke
More information about the Snort-users