[Snort-users] Pass rule not passing preprocessors (Absent jusqu'au 29/07/2002)

Pascal Painparay pascal.painparay at ...8874...
Mon Apr 21 06:43:17 EDT 2003


Je suis absent jusqu'au 21/04/03 inclus. 
En cas d'urgence, Vous pouvez contacter :
  Christophe Savin au 01 49 15 32 75.

Cdt
Pascal Painparay

>>> snort-users 04/21/03 15:21 >>>

"Always Bishan" <bishan4u at ...1396...> writes:

> Hi Snorters,
>
> I wrote a pass rule which will pass anything coming
> from one machine.
> pass tcp 192.168.1.2 -> any any
> pass icmp 192.168.1.2 -> any any
> pass udp 192.168.1.2 -> any any
>

[...]

> Now by writing this pass rule I'm able to avoid any
> alerts from my rules directory, but preprocessors are
> still generating alerts. 
>
> Is there anyway to avoid this?

If you want to omit traffic from that machine completely, disable all
traffic from it in your bpf filter for snort.

snort <command args> not host 192.168.1.2
-- 
Chris Green <cmg at ...1935...>
To err is human, to moo bovine.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list