[Snort-users] (no subject)

wfz at ...7588... wfz at ...7588...
Fri Dec 5 06:29:01 EST 2003


Does someone know if it is possible to configure the stream4 preprocessor to ignore one single host?
I´m receiving alerts for a kind of traffic I know is legal, and I want to filter them.
I´ve generated a rule and 'include'd it into the snort.conf file as permitted.rules:

pass tcp 'source_ip' 721 -> 'dest_ip' 515

but I still receive the alarms.
I also added :

preprocessor portscan-ignorehosts <source_ip>

but still receive alarms from spp_portscan with that source ip address.
Can someone point me in the right direction?

Rgds.
__________________________________________________

Todavía no tenés tu Ciudad Internet Mail? Obtenelo ahora! - http://webmail.ciudad.com.ar

Descargá Gratis el nuevo Internet Explorer 6.0, el mejor software para actualizar tu PC.
http://www.ciudad.com.ar/ar/servicios/ie/





More information about the Snort-users mailing list