[Snort-users] Viewing ACID set's off P..O..R..N rules ...

Scott Renna srenna at ...9588...
Mon Jul 21 14:14:22 EDT 2003


You forgot to add the word "host" before your IP.


***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

*************************** 

-----Original Message-----
From: Jason Whitson [mailto:jason at ...9559...] 
Sent: Monday, July 21, 2003 5:13 PM
To: Scott Renna; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Viewing ACID set's off P..O..R..N rules ...


So ...

/usr/local/bin/snort -U -d -D -c /etc/snort/snort.conf not \
172.16.1.172:80 ?

Because that didn't work. Do I surround my IP in ( ) ... ?


- Jason


----- Original Message -----
From: "Scott Renna" <srenna at ...9588...>
To: "'Jason Whitson'" <jason at ...9559...>;
<snort-users at lists.sourceforge.net>
Sent: Monday, July 21, 2003 3:32 PM
Subject: RE: [Snort-users] Viewing ACID set's off P..O..R..N rules ...


> Try this from 7/8:
>
> Bryan Irvine <bryan.irvine at ...9066...> writes:
>
> > Is there a way to get snort to skip over IPs?  I keep tripping the 
> > porno alerts whenever I view someone else's porno log in acid.  I'd 
> > like for it to not log my IP.
>
> The easiest way is to do a bpf filter on the snort command line
>
> snort <args> not \( host <ip> and port 80 \)
> --
> Chris Green <cmg at ...1935...>
> I've had a perfectly wonderful evening. But this wasn't it.
>      -- Groucho Marx
>
>
>
> ***************************
> Scott Renna
> Head Systems Administrator
> Dynamic Animation Systems
> 703-503-0500
>
> ***************************
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jason 
> Whitson
> Sent: Monday, July 21, 2003 4:24 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Viewing ACID set's off P..O..R..N rules ...
>
>
> Well today I decided to turn on the P..O..R..N ruleset to see if 
> anyone here wasn't working on ... work.
>
> Much to my surprise, ACID "blew up" with Rule violations. This is 
> great and all but when I view the rule violations in the ACID console 
> and refresh to see the latest, all the rules that were listed get 
> relisted because I was viewing them!
>
> Is there a way to exclude the machine I use to view the ACID console 
> from the rules? I would hate to have to explain the rule 
> violations from my workstation. Even though the source IP is the box 
> running snort ...
>
> - Jason
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single 
> machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual 
> machines at the same time. Free trial click here: 
> http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
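
Added example, not part of the original thread or of Snort: a small shell helper that turns the "ip:port" form tried above into the BPF primitives libpcap expects ("host <ip> and port <port>") and rejects malformed input. The function names and the optional second argument are hypothetical, and the ACID server address 172.16.1.10 is a constructed sample; passing it narrows the exclusion to traffic between the workstation and that one server, since the plain form stops Snort from inspecting all port-80 traffic for the workstation.

```shell
#!/bin/sh
# Added example: build the BPF exclusion filter discussed in the thread.

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0-255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# bpf_exclude "IP:PORT" [PEER_IP] -> prints the filter, non-zero on bad input
# PEER_IP (hypothetical, e.g. the ACID web server) narrows the exclusion.
bpf_exclude() {
    ip=${1%%:*}
    port=${1##*:}
    peer=${2:-}
    [ "$ip:$port" = "$1" ] || return 1          # require exactly one colon
    valid_ipv4 "$ip" || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    if [ -n "$peer" ]; then
        valid_ipv4 "$peer" || return 1
        printf 'not ( host %s and host %s and port %s )\n' "$ip" "$peer" "$port"
    else
        printf 'not ( host %s and port %s )\n' "$ip" "$port"
    fi
}

# Usage with the command line from the thread (quoting the filter as one
# argument avoids having to backslash-escape the parentheses):
#   snort -U -d -D -c /etc/snort/snort.conf "$(bpf_exclude 172.16.1.172:80)"
```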
