[Snort-users] VPN and UDP alerts

Allan Dover allan at ...8825...
Thu Apr 24 10:17:09 EDT 2003


Hey Everyone !

I have a few users who use VPN connections to connect to corporate email.  I
currently have a snort box sitting on a transparent bridge.  After the vpn
is established from my LAN to the VPN Server on the internet I get UDP
alerts coming up in snort.

Is there a way to not alert or log UDP:500 as source ?  Would I make a rule
to do this ?  I havent ventured into rule making as of yet.

Any Idea's suggestions ?  Greatly Appreciated !

Allan

Allan Dover
Systems Administrator
allan at ...8825...

###################################################
This e-mail communication (including any or all attachments) is intended
only for the use of the person or entity to which it is addressed and may
contain confidential and/or privileged material. If you are not the intended
recipient of this e-mail, any use, review, retransmission, distribution,
dissemination, copying, printing, or other use of, or taking of any action
in reliance upon this e-mail, is strictly prohibited. If you have received
this e-mail in error, please contact the sender and delete the original and
any copy of this e-mail and any  printout thereof, immediately. Your
co-operation is appreciated.






More information about the Snort-users mailing list