[Snort-users] HOWTO Ignore specific IP addresses

Edin Dizdarevic edin.dizdarevic at ...7509...
Tue May 13 10:53:02 EDT 2003


Hi,

Use BPF filter directives on the command line:
snort [...] not host 192.168.1.1 and not host ...

That is the fastest way. See tcpdump manpage for more
options. You can filter on flags, protocols, ports etc.

Regards,

Edin


Michael Parkinson wrote:
> Hi All,
> 
> OK slowly going brain dead here.
> 
> Current set-up is two web servers attached to a SNAZ NFS server.
> 
> When I kick Snort into action it works fine BUT I get literally hundreds of
> false positives :
> 
> BAD TRAFFIC bad frag bits
> MISC Large UDP Packet
> 
> A simple solution is to tell Snort to ignore this server
> completely....Simply put how do I get Snort to ignore this machine
> completely?
> 
> All help appreciated.
> 
> With thanks
> 
> Mike

-- 
Edin Dizdarevic
Networking Unit
Internet- & e-Security

iAS interActive Systems
Gesellschaft fuer interaktive Medien mbH
Dieffenbachstr. 33c
10967 Berlin
Germany

fon     +49-(0)30 69 004-123
fax     +49-(0)30 69 004-101
mail    edin.dizdarevic at ...7509...
URL     http://www.interActive-Systems.de/security
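
The `not host ...` filter from the reply above, generated from a list of addresses with input validation, as an added example that is not part of the original post. BPF drops the excluded packets before Snort inspects them, so no rule will fire for traffic to or from those hosts. The second address, the interface name, the config path and the file name ignore.bpf are assumptions.

```shell
#!/bin/sh
# Added example: build a BPF exclusion expression for Snort from IPv4 hosts.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_bpf_exclude ADDR...: print "not host A and not host B ...".
# Rejecting anything that is not a plain address keeps a typo or pasted
# text from widening the filter beyond the hosts that were intended.
build_bpf_exclude() {
    filter=""
    for addr in "$@"; do
        if ! is_ipv4 "$addr"; then
            echo "invalid IPv4 address: $addr" >&2
            return 1
        fi
        filter="${filter:+$filter and }not host $addr"
    done
    [ -n "$filter" ] || { echo "no hosts given" >&2; return 1; }
    printf '%s\n' "$filter"
}

# Usage (interface name and config path are assumptions):
#   build_bpf_exclude 192.168.1.1 192.168.1.2 > ignore.bpf
#   snort -i eth0 -c /etc/snort/snort.conf -F ignore.bpf
# or, as in the post, append the expression to the command line:
#   snort -i eth0 -c /etc/snort/snort.conf $(build_bpf_exclude 192.168.1.1)
if [ "$#" -gt 0 ]; then
    build_bpf_exclude "$@"
fi
```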




