[Snort-users] Customizing snort rules
edin.dizdarevic at ...7509...
Tue Apr 6 03:28:08 EDT 2004
if you take a look at those rules you may notice the data flow described
by the rule is (except for the rules id 1415 and 1416) in this form:
EXTERNAL_NET -> HOME_NET (...)
There is no reason for snort to trigger otherwise as described. So you
may want to check your configuration vars again.
Otherwise check the FAQ for the possibility how to blend out specific
hosts from being seen by Snort or how to write special pass-Rules
simonkc at ...11578... schrieb:
> Hi Edin,
> I have properly defined the HOME_NET and EXTERNAL_NET variables??
> The rules that are getting triggered are SNMP rules.i.e. whenever our NMS
> management server polls some devices,the rule triggers.
> I want to be able to disable these triggers for some specific IP hosts. The
> SNMP rule should not be disabled and continue to look for SNMP traffic.
> Thanks and Regards
More information about the Snort-users