[Snort-users] VPN and UDP alerts
neil at ...1633...
Fri Apr 25 10:51:38 EDT 2003
"Allan Dover" <allan at ...8825...> wrote asking:
>Is there a way to not alert or log UDP:500 as source ? Would I make a rule
>to do this ? I havent ventured into rule making as of yet.
A "pass" rule in 'local.rules' would probably do the trick. Something
pass udp $VPN-NET 500 <> $HOME_NET any
... would probably do it. Then restart Snort, and make sure you're
using the '-o' rule on the command line.
Neil Dickey, Ph.D.
Northern Illinois University
More information about the Snort-users