[Snort-users] HOWTO Ignore specific IP addresses

Steven Rudolph srudolph at ...4612...
Tue May 13 14:04:08 EDT 2003

Add this line to the end of your snort startup script:
'not src host aaa.bbb.ccc.ddd && not src host aaa.bbb.ccc.ddd && not src
host aaa.bbb.ccc.ddd && not src host aaa.bbb.ccc.ddd'

This works for me.

-----Original Message-----
From: Michael Parkinson [mailto:michael at ...9163...] 
Sent: Tuesday, May 13, 2003 12:39 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] HOWTO Ignore specific IP addresses

Hi All,

OK slowly going brain dead here.

Current set-up is two web servers attached to a SNAZ NFS server.

When I kick Snort into action it works fine BUT I get literally hundreds
of false positives :

BAD TRAFFIC bad frag bits
MISC Large UDP Packet

A simple solution is to tell Snort to ignore this server
completely....Simply put how do I get Snort to ignore this machine

All help appreciated.

With thanks


Build on-line.
Buy online.
The only UK based complete e-commerce package.
Michael Parkinson BSc.(Hons)
Technical Director
Intellnet Limited
5 Priors
London Road
Bishops Stortford
CM23 5ED
Phone	      :	01279 602800
DDI	      :	01279 602805
Fax	      :	01279 600815
Mobile	:	07770 380511
ICQ No.	:	47666166
E-mail	:	michael at ...9163...
		      michael at ...9164...
URL	      :    http://www.intellnet.net.uk/

Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3213 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030513/a116b51a/attachment.bin>

More information about the Snort-users mailing list